Date: Tue, 29 Oct 1996 10:17:14 -0500 (EST)
From: Brian Clapper <bmc@telebase.com>
To: Robert Heron <rh@mtl.pl>
Cc: questions@freebsd.org
Subject: Re: telnetd
Message-ID: <199610291517.KAA08161@telebase.com.>
In-Reply-To: <57726122@toto.iv>

>>>>> "Robert" == Robert Heron <rh@mtl.pl> writes:

Robert> Hello, I'm trying to find in man pages for telnetd an option that
Robert> will limit telnet access to selected machines only. But I found
Robert> nothing...(or missed). Could I ask you for some suggestions for
Robert> this problem.

1. Use IP-level filtering to block incoming telnet connections except for
   those hosts you want to permit. You'll need to use the IPFW kernel
   facility, in conjunction with the ipfw(8) command, to accomplish this
   feat. See `http://www.freebsd.org/handbook/handbook67.html#75' for
   details.

2. Block incoming telnet connections via the TCP wrappers package, which
   you use in conjunction with the `inetd' daemon. You can download a TCP
   wrappers port from `http://www.freebsd.org/ports/security.html'. Be sure
   to read the docs.

3. Replace `inetd' with `xinetd', which has per-host filtering built in.
   (It more or less combines the capabilities of `inetd' with the
   capabilities of the TCP wrappers.) Again, see
   `http://www.freebsd.org/ports/security.html'.

#2 and #3 are mutually exclusive. You can use #1 in conjunction with either
#2 or #3 if you want.

Note that packet filtering is the most minimal kind of firewall (aside from
no firewall at all). Should you care to delve deeper into this stuff,
consult one or both of the following books. (Full details on each book are
available at the referenced web site.)

    Chapman, D. Brent and Elizabeth D. Zwicky. Building Internet Firewalls.
    http://www.ora.com/catalog/fire/

    Cheswick, William R. and Steven M. Bellovin. Firewalls and Internet
    Security: Repelling the Wily Hacker.
    http://www.aw.com/cp/Ches.html

----
Brian Clapper .............................................. bmc@telebase.com
http://www.netaxs.com/~bmc/ ............. PGP public key available on request
Do not underestimate the value of print statements for debugging. Don't have
aesthetic convulsions when using them, either.
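Option 1 from the message above, as an added example that is not part of the original e-mail: a dry-run generator that prints ipfw(8) commands admitting telnet from an allow list and denying everyone else. The addresses, rule numbers and function names are constructed for illustration; it assumes the chosen rule numbers are free in your ruleset.

```shell
#!/bin/sh
# Added example: print (never run) ipfw commands that allow telnet from listed hosts only.
# Addresses (192.0.2.0/24 documentation range) and rule numbers are constructed samples.
TELNET_PORT=23
BASE_RULE=1000      # assumption: rule numbers from here up are unused in your ruleset

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Validate the whole list first, so a typo such as "any" never yields a partial
# or wide-open ruleset. ipfw is first-match: allows get lower numbers than the deny.
gen_telnet_rules() {
    [ "$#" -gt 0 ] || { echo "refusing: empty allow list" >&2; return 1; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "rejected: not an IPv4 address: $host" >&2; return 1; }
    done
    n=$BASE_RULE
    for host in "$@"; do
        echo "ipfw add $n allow tcp from $host to any $TELNET_PORT"
        n=$((n + 10))
    done
    echo "ipfw add $n deny tcp from any to any $TELNET_PORT"
}

# Constructed sample allow list; review the printed rules before applying them as root.
gen_telnet_rules 192.0.2.10 192.0.2.25
```

After applying the rules, `ipfw list` shows the installed order, which should be checked against any earlier rule that already matches port 23.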