[techtalk] X port

Malcolm Tredinnick malcolm at commsecure.com.au
Tue Jun 27 08:41:57 EST 2000


On Sun, Jun 25, 2000 at 05:53:51PM +0200, Nils Philippsen wrote:
> On Fri, 23 Jun 2000, Malcolm Tredinnick wrote:
> > Typically, X connects on ports 6000, 6001, 6002, ... (where the number
> > increments for each connection). The fun thing here is that you can't
> > completely block off these ports, because of the way X runs even on the
> > local machine -- the local machine must be able to connect to those ports.
> > So if you are controlling the external connections, you have to ensure
> > that you still leave local access to those ports (trust me .. it *is*
> > possible to mess this
> > up if you are me!).
> 
> Not quite. Local connections (as in "DISPLAY=:n", where n is your display
> number) go through local (UNIX) sockets, so they are not affected by IP
> firewalling. Here (XFree86-3.3.6), the sockets are in /tmp/.X11-unix/Xn.
> If you want to mess up X by firewalling, you'd have to set the DISPLAY to
> something like "localhost:n".

Oops! Now you mention it, I realise that I was an idiot when I posted some of
that. Which makes me wonder what else I must have been doing to completely
block out X connections last year (I was fooling around at the time and not
really concentrating, but I'm pretty sure it wasn't the $DISPLAY manipulation
you mentioned).

Ah well .. glad somebody was able to put everybody back on the right path.
Thanks. :-)

Sheepishly,
Malcolm

-- 
Malcolm Tredinnick            email: malcolm at commsecure.com.au
CommSecure Pty Ltd





More information about the Techtalk mailing list