Blocking VNC requests from clients

Hi,
I am running FreeBSD 8.2 and GNOME 2.32.1 and I wish to block any VNC client requests from the internet and I was wondering what is the best way to do this.

Should I go through the firewall, or is there some hidden feature in this version of GNOME that I don't know about?

If firewall is the way to go, what port should I block?

Thanking you in advance,
Jonathan.
 
Johnny2Bad said:
Hi,
I am running FreeBSD 8.2 and GNOME 2.32.1 and I wish to block any VNC client requests from the internet and I was wondering what is the best way to do this.
Should I go through the firewall,

Yes, you can block incoming connections with it, you can also restrict the addresses on which the VNC server is listening.

Johnny2Bad said:
or is there some hidden feature in this version of GNOME that I don't know about?

GNOME? As far as I know, GNOME has nothing to do with this.

Johnny2Bad said:
If firewall is the way to go, what port should I block?

VNC's default port is tcp/5901.
 
OpenBSD PF is an excellent firewall in my opinion and from my experience. If you are using a bridge then you have to list two interfaces, one for the inside and the other for the outside. Here's an example of a ruleset line if I wanted to block VNC requests from the outside.
/etc/pf.conf
-outside NIC em0
-inside NIC vic0
Code:
block in on em0 proto tcp from any to vic0 port 5901
What this does is that it blocks incoming requests on port 5901 on the em0 NIC, and from everything on the outside which is what the vic0 NIC is connected to. That is what the "any" command is for. I have been testing the pf firewall for a while now and it's been working out perfectly.

Good Luck.
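
A host-side check to go with the firewall rule and the listening-address advice in the replies above (added example, not part of any post in this thread): it reads `sockstat -4 -l` style output and reports VNC listeners bound to anything other than loopback. The sample lines are constructed, and the 5900 to 5909 range assumes displays :0 to :9 listen on TCP 5900 plus the display number, which is broader than the single port named in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: report VNC listeners that other hosts
# can reach, from `sockstat -4 -l` style lines on stdin.
# Assumption: displays :0 to :9 listen on TCP 5900 to 5909.

vnc_exposed() {
    awk '
        $5 ~ /^tcp/ {
            n = split($6, part, ":")            # LOCAL ADDRESS is addr:port
            port = part[n] + 0
            addr = substr($6, 1, length($6) - length(part[n]) - 1)
            if (port < 5900 || port > 5909) next
            if (addr ~ /^127\./) next           # loopback-only listener
            printf "%s pid=%s listens on %s port %d\n", $2, $3, addr, port
            found = 1
        }
        END { exit (found ? 1 : 0) }            # status 1 when anything is exposed
    '
}

# Constructed sample in the FreeBSD sockstat column layout.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     Xvnc       1234  3  tcp4   *:5901                *:*
root     sshd       800   4  tcp4   *:22                  *:*
jon      Xvnc       1300  3  tcp4   127.0.0.1:5902        *:*
jon      x11vnc     1411  5  tcp4   192.0.2.10:5900       *:*
EOF
}

# On the real host: sockstat -4 -l | vnc_exposed
if sample_sockstat | vnc_exposed; then
    echo "no VNC listener is bound to a non-loopback address"
fi
```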
 