Watchguard Firebox X1000 User Manual page 211

By default, the Firebox blocks several destination ports.
This measure provides convenient defaults which do not
normally require changing. Typically, the following ser-
vices should be blocked:
X Window System (ports 6000-6063)
X Font Server (port 7100)
NFS (port 2049)
Port 2049 is not assigned to NFS; however, in practice, this
is the most common port used for NFS. The port assigned for
NFS is assigned by the portmapper. If you're using NFS, it
User Guide
The X Window System (or X-Windows) has several
distinct security problems that make it a liability on
the Internet. Although several authentication
schemes are available at the X server level, the most
common ones are easily defeated by a
knowledgeable attacker. If an attacker can connect
to an X server, he or she can easily record all
keystrokes typed at the workstation, collecting
passwords and other sensitive information. Worse,
such intrusions can be difficult or impossible to
detect by all but the most knowledgeable users.
The first X Window server is always on port 6000.
If you have an X server with multiple displays,
each new display uses an additional port number
after 6000, up to 6063 for a maximum of 64 displays
on a given host.
Many versions of X-Windows support font servers.
Font servers are complex programs that run as the
super-user on some hosts. As such, it is best to
explicitly disable access to X font servers.
NFS (Network File System) is a popular TCP/IP
service for providing shared file systems over a
network. However, current versions have serious
authentication and security problems which make
providing NFS service over the Internet very
dangerous.
N
OTE
Blocking Ports
189