Port 6000

[erekose]

I have been trying to close port 6000 on VL5.9 but to no avail.  Really appreciate if someone could point to me how to do it.

[jduped]

To permanently close that port...

go to the terminal

Code:

ifconfig

note the name of the network card that has a live ip, usually eth0 or eth1

with root access find the following file

/etc/rc.d/rc.local

Edit with mouse pad or vi or what every you like to edit with.

Add these line to the end

/sbin/iptables -A CUSTOMINPUT -p tcp -i eth0 --dport 6000 -j DROP
/sbin/iptables -A CUSTOMINPUT -p udp -i eth0 --dport 6000 -j DROP

Assuming your nic is eth0

Save

in the terminal restart rc.local

Code:

sh /etc/rc.d/rc.local

test port.

https://www.grc.com/port_6000.htm

[erekose]

I did but still to no avail. here's the outputs:

<.. snippet of /etc/rc.d/rc.local>
## You may add custom initialisation below this
/sbin/iptables -A CUSTOMINPUT -p tcp -i eth0 --dport 6000 -j DROP
/sbin/iptables -A CUSTOMINPUT -p udp -i eth0 --dport 6000 -j DROP

crash://etc/rc.d
root:# sh /etc/rc.d/rc.local
vcpufreq-load disabled in config...
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
crash://etc/rc.d

could it just be by adding "-nolisten tcp" to disable it ? but i don't know which file exactly.  i did modify the /etc/X11/xdm/Xservers but still the same.

[jduped]

sorry my bad


remove custom
just input

## You may add custom initialisation below this


/sbin/iptables -A INPUT -p tcp -i eth0 --dport 6000 -j DROP
/sbin/iptables -A INPUT -p udp -i eth0 --dport 6000 -j DROP

restart the file...

sh /etc/rc.d/rc.local and test that port.

...works for me

I'm working on my ipcop box right now in the iptables...I was using custom in there, as there existing ip table rules.

[erekose]

ok. thanks.

I have the iptables list as follows:

root:# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp dpt:x11
DROP       udp  --  anywhere             anywhere            udp dpt:x11

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

scanning the host still shows the port is up:

PORT     STATE SERVICE
631/tcp  open  ipp
6000/tcp open  X11

Nmap finished: 1 IP address (1 host up) scanned in 0.133 seconds

testing the port from https://www.grc.com/port_6000.htm also said the port was open

maybe i miss some other settings ere ...

[jduped]

I'm not sure why its still opened...

I'm currently modifying my ipcop, and using that site I gave you to test that, I've got a few ports that just won't close, I'm working on those.

as for your issue, you could try this modified version of what I gave you already...it might make a difference... Perhaps looking for a program that will be a graphical interface might be able to get the job done.

Code:

/sbin/iptables -A INPUT -p tcp --syn -i eth0 --dport 6000 -j DROP
/sbin/iptables -A INPUT -p udp -i eth0 --dport 6000 -j DROP

Either of these might help...I'm not sure, just trying to help...

http://sourceforge.net/projects/xfwall/
http://www.simonzone.com/software/guarddog/#download

I'm not sure what else to suggest, I'd say wait and see if any one else has any idea if this doesn't work...when I get my issue cleared up I'll see if can apply to yours and perhaps fix the problem.

[erekose]

ok. thanks.

one thing for sure, port 6000 would be completely closed if i log  to console and invoke the windows manager using the command "startx -nolisten tcp".

[uelsk8s]

open your /usr/share/config/kdm/kdmrc file as root
goto the line that says ServerArgsLocal=
and change it to ServerArgsLocal="-nolisten"