Date: Sun, 24 Mar 2002 18:22:20 +0200
From: Giorgos Keramidas
To: Stanley Chan
Cc: questions@freebsd.org
Subject: Re: how to restrict the telnet
Message-ID: <20020324162220.GC5623@hades.hell.gr>
In-Reply-To: <3C9D9E14.3D384063@cyberec.com>

On 2002-03-24 17:36, Stanley Chan wrote:
> Dear sir,
>
> I am using the FreeBSD 4.3 to run my webserver. Can you tell me how can
> I restrict anyone telnet to my machine except me.

The easiest way to get rid of Telnet is not run it at all. Not even
for you. The fact that passwords are in cleartext, travelling on the
``wild'' Internet, is enough for me to stop using Telnet on any machine
that is connected to the Internet.

On the other hand, if you really *must* use Telnet, you might find the
tcpwrappers useful.

Telnet is started from inetd, and the default flags to inetd are:

    $ grep inetd_flags /etc/defaults/rc.conf
    inetd_flags="-wW"               # Optional flags to inetd

With -w and -W enabled, inetd will check the file /etc/hosts.allow when
a connection to telnet is made. The format of the /etc/hosts.allow file
is described in hosts_access(5). Check that manpage, and the existing
examples in /usr/src/etc/hosts.allow and you should easily find your
way :)

A minimal access list for telnet, that blocks it for everyone except
for clients coming from 'trustedhost' might look like:

    telnet : trustedhost : ALLOW
    telnet : ALL : DENY

Cheers,

Giorgos Keramidas    FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}    http://www.FreeBSD.org/docproj/
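
The first-match behaviour of the access list above, as an added example that is not part of the original message: a simplified Python model (not libwrap) that evaluates the two rules as written, the same rules in reverse order, and the list without its final DENY line. The function names, the host name other.example.org and the addresses are constructed for illustration.

```python
# Simplified model of hosts.allow evaluation (added example, not libwrap).
# Supported: ALL, exact names, ".domain" suffixes, "192.0.2." address
# prefixes, and a trailing ALLOW/DENY option. Sample data is constructed.

def parse_rules(text):
    """Parse 'daemons : clients : ACTION' lines into tuples, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError("malformed rule: %r" % line)
        # A hosts.allow entry with no option grants access.
        action = fields[2].upper() if len(fields) > 2 else "ALLOW"
        if action not in ("ALLOW", "DENY"):
            raise ValueError("unsupported option: %r" % fields[2])
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients, action))
    return rules

def client_matches(pattern, name, addr):
    """Match one client pattern against a host name and its address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                   # domain suffix
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):                     # address prefix
        return addr.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == addr

def decide(rules, daemon, name, addr):
    """Return the action of the first matching rule; later rules are ignored."""
    for daemons, clients, action in rules:
        daemon_ok = "ALL" in daemons or daemon in daemons
        if daemon_ok and any(client_matches(p, name, addr) for p in clients):
            return action
    # This model has no hosts.deny, so an unmatched client is granted
    # access, which is what hosts_access(5) specifies when nothing matches.
    return "ALLOW"

PAGE_RULES = "telnet : trustedhost : ALLOW\ntelnet : ALL : DENY\n"
REVERSED = "telnet : ALL : DENY\ntelnet : trustedhost : ALLOW\n"
NO_DENY = "telnet : trustedhost : ALLOW\n"

if __name__ == "__main__":
    for label, text in (("page", PAGE_RULES), ("reversed", REVERSED), ("no deny", NO_DENY)):
        rules = parse_rules(text)
        print(label, decide(rules, "telnet", "trustedhost", "192.0.2.10"),
              decide(rules, "telnet", "other.example.org", "198.51.100.7"))
```

Reversing the two lines locks out trustedhost as well, and dropping the DENY line leaves every other client allowed, so both the order and the closing catch-all matter.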