# Blocking vnc requests from clients



## Johnny2Bad (Jan 28, 2012)

Hi,
I am running FreeBSD 8.2 and GNOME 2.32.1 and I wish to block any VNC client requests from the internet and I was wondering what is the best way to do this.

Should I go through the firewall, or is there some hidden feature in this version of GNOME that I don't know about?

If firewall is the way to go, what port should I block?

Thanking you in advance,
Jonathan.


----------



## pbd (Jan 28, 2012)

Johnny2Bad said:

> Hi,
> I am running FreeBSD 8.2 and GNOME 2.32.1 and I wish to block any VNC client requests from the internet and I was wondering what is the best way to do this.
> Should I go through the firewall,



Yes, you can block incoming connections with it; you can also restrict the addresses on which the VNC server is listening.

Johnny2Bad said:


> or is there some hidden feature in this version of GNOME that I don't know about?



GNOME? As far as I know, GNOME has nothing to do with this.

Johnny2Bad said:


> If firewall is the way to go, what port should I block?



VNC's default port is tcp/5901.


----------



## baronobeefdip (Jan 28, 2012)

OpenBSD PF is an excellent firewall in my opinion and from my experience. If you are using a bridge then you have to list two interfaces, one for the inside and the other for the outside. Here's an example of a ruleset line if I wanted to block VNC requests from the outside.

/etc/pf.conf
- outside NIC: em0
- inside NIC: vic0

```
block in on em0 proto tcp from any to vic0 port 5901
```
What this does is that it blocks incoming requests on port 5901 on the em0 NIC, and from everything on the outside, which is what the vic0 NIC is connected to. That is what the "any" command is for. I have been testing the pf firewall for a while now and it's been working out perfectly.

Good Luck.


----------



## SirDice (Jan 30, 2012)

The default VNC ports are 5800 and 5900


----------



## pbd (Jan 30, 2012)

SirDice said:

> The default VNC ports are 5800 and 5900



That's right. Too tired, sorry.


----------
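
A check to go with the firewall rule, added here as an example and not posted by anyone in this thread: it reads FreeBSD `sockstat -4 -6 -l` output and lists VNC listeners bound to anything other than loopback, which is the "addresses on which the VNC server is listening" point above. The function names, the sample lines and the port ranges (5800+N and 5900+N for displays :0 to :99) are assumptions of this example.

```sh
#!/bin/sh
# Added example: list VNC listeners bound to non-loopback addresses.
# Assumed input: FreeBSD `sockstat -4 -6 -l` columns
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

vnc_exposed() {
    awk '
    $5 ~ /^tcp/ {
        n = split($6, parts, ":")          # port follows the last ":"
        port = parts[n] + 0
        addr = substr($6, 1, length($6) - length(parts[n]) - 1)
        # Assumption: displays :0 to :99, so 5800-5899 and 5900-5999.
        if (port < 5800 || port > 5999) next
        # Loopback-only listeners are not reachable from the network.
        if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") next
        printf "%s pid %s listens on %s port %d\n", $2, $3, addr, port
    }'
}

# Constructed sample output, not captured from a real host.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
jon      Xvnc       1234  3  tcp4   *:5901                *:*
jon      Xvnc       1234  4  tcp4   *:5801                *:*
jon      Xvnc       1300  5  tcp4   127.0.0.1:5902        *:*
root     sshd       800   4  tcp4   *:22                  *:*
root     sshd       800   3  tcp6   *:22                  *:*
EOF
}

# Demo on the sample; on the host itself run: sockstat -4 -6 -l | vnc_exposed
sample_sockstat | vnc_exposed
```

Any line it prints is a VNC socket that only the firewall rule keeps off the network; an empty result means the listeners are loopback-only or absent.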



## Johnny2Bad (Feb 7, 2012)

Thanks to you all for your useful posts.


----------

