From: "Chris H"
Subject: Re: Why must X open TCP by default?
Date: Wed, 02 Mar 2016 14:54:53 -0800
List-Id: Production branch of FreeBSD source code

On Wed, 2 Mar 2016 15:59:57 -0500 Brandon Allbery wrote

> On Wed, Mar 2, 2016 at 3:56 PM, Chris H wrote:
>
> > Good catch, by both you, and Brandon. I just tried it. But
> > sockstat(1) still reports 6000 being open. Closing the X
> > server, and session, reveal that 6000 is no longer open.
> > Bummer.
> >
>
> Check 'man 7 Xserver' to verify the option needed. You might also have to
> check the xserverrc file (I don't recall where it is offhand and can't
> really check right now, but startx is a shell script and the default
> xserverrc will be set near the top) to see if it is overriding the option.
> In that case you could copy the xserverrc to ~/.xserverrc (make sure it's
> chmod +x) and edit that copy to force nolisten tcp, or for multiple users
> you'd edit the master xserverrc but may need to remember to re-edit after
> system updates.
>

Thanks for the pointers Brandon. I had already consulted them, but
(as with your clarification) I glossed over it all a bit too quickly.
I saw the difference as:

    -nolisten && --nolisten

rather than as intended:

    -- -nolisten

Once I discovered that, the command worked as intended. OTOH
I was unable to discover a way to make the -nolisten option
GLOBAL. eg; Xorg will *never* listen on a tcp port. While I
could have edited /usr/local/etc/X11/xinit/xinitrc
I didn't want to alter it, lest upgrading refuse to update it
with the newer version. So I simply created an ~/startx file
containing:

    #!/bin/sh -
    /usr/local/bin/startx -- -nolisten tcp
    exit

which seems to get the job done, and allow me to be lazy at the CLI. :-)

Thanks again, to both you, and Freddie for taking the time to
respond with such useful info!

--Chris
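
The sockstat(1) check described in the message, as an added example that is not part of the original thread: it filters sockstat-style listing text for TCP listeners on X11 display ports, so the effect of "-nolisten tcp" can be confirmed after restarting X. The function name, the 6000-6063 port window and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `sockstat -l` style text on stdin
# and prints every TCP listener on an X11 display port (6000 + display number).
# The 6000-6063 window (displays :0 to :63) is an assumption of this sketch.
x11_tcp_listeners() {
    awk '
        $1 == "USER" { next }                  # skip the sockstat header line
        $5 ~ /^tcp/ {                          # TCP rows only, not unix sockets
            n = split($6, part, ":")           # port is the last ":" field
            port = part[n] + 0
            if (port >= 6000 && port <= 6063)
                printf "%s pid=%s %s %s display=:%d\n", $2, $3, $5, $6, port - 6000
        }'
}

# Constructed sample: X started without "-nolisten tcp".
sample_before() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     Xorg       1234  1  tcp4   *:6000                *:*
root     Xorg       1234  0  tcp6   *:6000                *:*
root     Xorg       1234  3  stream /tmp/.X11-unix/X0
root     sshd       801   4  tcp4   *:22                  *:*
EOF
}

# Constructed sample: X restarted with "startx -- -nolisten tcp".
sample_after() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     Xorg       1302  3  stream /tmp/.X11-unix/X0
root     sshd       801   4  tcp4   *:22                  *:*
EOF
}

echo "before:"; sample_before | x11_tcp_listeners
echo "after:";  sample_after  | x11_tcp_listeners
```

On a live FreeBSD system the input would come from `sockstat -4 -6 -l | x11_tcp_listeners`; an empty result means nothing is listening on those ports. Rows owned by sshd in this range are forwarded X11 displays rather than the local X server.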