Back to article

Disable external X11 for greater security

Turn off this often overlooked service on port 6000

October 24, 1999

startx -- -nolisten tcp
xhosts +local:

If you never want to run X programs on a remote machine to display on your local machine, then you may as well shut off this non-essential service

The -nolisten tcp is passed directly to the X Server. You may want to put this in a system startup file like /usr/X11R6/lib/X11/xinit/xserverrc or /etc/X11/xinit/xserverrc

The xhosts line means "trust all clients who are on local host". This is fine for a workstation with only one user, like a typical home machine.

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.