Date: Sun, 24 Mar 2002 18:22:20 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Stanley Chan <stan@cyberec.com>
Cc: questions@freebsd.org
Subject: Re: how to restrict the telnet
Message-ID: <20020324162220.GC5623@hades.hell.gr>
In-Reply-To: <3C9D9E14.3D384063@cyberec.com>
References: <3C9D9E14.3D384063@cyberec.com>

On 2002-03-24 17:36, Stanley Chan wrote:
> Dear sir,
>
> I am using the FreeBSD 4.3 to run my webserver. Can you tell me how can
> I restrict anyone telnet to my machine except me.

The easiest way to get rid of Telnet is not to run it at all.  Not even
for you.  The fact that passwords are in cleartext, travelling on the
``wild'' Internet, is enough for me to stop using Telnet on any machine
that is connected to the Internet.

On the other hand, if you really *must* use Telnet, you might find the
tcpwrappers useful.  Telnet is started from inetd, and the default
flags to inetd are:

    $ grep inetd_flags /etc/defaults/rc.conf
    inetd_flags="-wW"       # Optional flags to inetd

With -w and -W enabled, inetd will check the file /etc/hosts.allow when
a connection to telnet is made.  The format of the /etc/hosts.allow
file is described in hosts_access(5).  Check that manpage, and the
existing examples in /usr/src/etc/hosts.allow and you should easily
find your way :)

A minimal access list for telnet, that blocks it for everyone except
for clients coming from 'trustedhost' might look like:

    telnet : trustedhost : ALLOW
    telnet : ALL : DENY

Cheers,

Giorgos Keramidas                       FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}  http://www.FreeBSD.org/docproj/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
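
The two-line access list in the message depends on first-match ordering, which the following added example (not part of the original message, and not libwrap's code) models in Python for a small subset of hosts_access(5). The function names, the REVERSED_RULES and SHADOWED_RULES variants, and the sample client names are constructed for illustration; the daemon string is used exactly as the message's rules spell it.

```python
# Added example: simplified first-match evaluation in the style of hosts_access(5).
# Models only "daemons : clients : allow|deny"; bracketed IPv6 patterns are not handled.
MESSAGE_RULES = "telnet : trustedhost : ALLOW\ntelnet : ALL : DENY\n"   # from the message
REVERSED_RULES = "telnet : ALL : DENY\ntelnet : trustedhost : ALLOW\n"  # constructed variant
SHADOWED_RULES = "ALL : ALL : allow\n" + MESSAGE_RULES                  # constructed variant

def parse_rules(text):
    """Return (daemon_patterns, client_patterns, action) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 3:
            raise ValueError("expected 'daemons : clients : option': " + line)
        action = fields[2].lower()                    # option keywords are case-insensitive
        if action not in ("allow", "deny"):
            raise ValueError("unsupported option: " + fields[2])
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), action))
    return rules

def _matches(pattern, value):
    if pattern.upper() == "ALL":
        return True
    if pattern.startswith("."):                       # .example.org: any host in the domain
        return value.lower().endswith(pattern.lower())
    if pattern.endswith("."):                         # 192.0.2.: address prefix
        return value.startswith(pattern)
    return pattern.lower() == value.lower()

def decide(rules, daemon, client_names):
    """client_names holds the client's hostname and/or address; first match wins."""
    for daemons, clients, action in rules:
        if (any(_matches(d, daemon) for d in daemons)
                and any(_matches(c, n) for c in clients for n in client_names)):
            return action
    return "allow"                                    # no rule matched: access is granted

if __name__ == "__main__":
    outsider = ["other.example.net", "203.0.113.9"]   # constructed client
    for label, text in (("message", MESSAGE_RULES), ("reversed", REVERSED_RULES),
                        ("shadowed", SHADOWED_RULES)):
        rules = parse_rules(text)
        print(label, decide(rules, "telnet", ["trustedhost"]),
              decide(rules, "telnet", outsider))
```

With the rules reversed the trusted host is denied too, and with a broad allow line ahead of them every client is admitted, so check the whole file for earlier matching lines when adding a restriction like this.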