Date:      Tue, 29 Oct 1996 10:17:14 -0500 (EST)
From:      Brian Clapper <bmc@telebase.com>
To:        Robert Heron <rh@mtl.pl>
Cc:        questions@freebsd.org
Subject:   Re: telnetd
Message-ID:  <199610291517.KAA08161@telebase.com.>
In-Reply-To: <57726122@toto.iv>

>>>>> "Robert" == Robert Heron <rh@mtl.pl> writes:

Robert> Hello, I'm trying to find in man pages for telnetd an option that
Robert> will limit telnet access to selected machines only. But I found
Robert> nothing...(or missed).  Could I ask you for some suggestions for
Robert> this problem.

1. Use IP-level filtering to block incoming telnet connections except for
   those hosts you want to permit.  You'll need to use the IPFW kernel
   facility, in conjunction with the ipfw(8) command, to accomplish this
   feat.  See `http://www.freebsd.org/handbook/handbook67.html#75' for
   details.

2. Block incoming telnet connections via the TCP wrappers package, which
   you use in conjunction with the `inetd' daemon.  You can download a
   TCP wrappers port from `http://www.freebsd.org/ports/security.html'.
   Be sure to read the docs.

3. Replace `inetd' with `xinetd', which has per-host filtering built in.
   (It more or less combines the capabilities of `inetd' with the
   capabilities of the TCP wrappers.)  Again, see
   `http://www.freebsd.org/ports/security.html'.

#2 and #3 are mutually exclusive.  You can use #1 in conjunction with
either #2 or #3 if you want.  Note that packet filtering is the most
minimal kind of firewall (aside from no firewall at all).  Should you care
to delve deeper into this stuff, consult one or both of the following
books.  (Full details on each book are available at the referenced web
site.)

	Chapman, D. Brent and Elizabeth D. Zwicky.  Building Internet
		Firewalls.  http://www.ora.com/catalog/fire/

	Cheswick, William R. and Steven M. Bellovin.  Firewalls and
		Internet Security: Repelling the Wily Hacker.
		http://www.aw.com/cp/Ches.html
----
Brian Clapper .............................................. bmc@telebase.com
http://www.netaxs.com/~bmc/ ............. PGP public key available on request
Do not underestimate the value of print statements for debugging.
Don't have aesthetic convulsions when using them, either.
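
Option 1 from the reply above, as an added example that is not part of the original message: a shell function that prints an ipfw(8) allowlist for inbound telnet, permitting the listed sources and denying the rest. The addresses, rule numbers, function name and APPLY switch are assumptions made for illustration, and the rules assume they are evaluated before any broader allow rule and that the rest of the ruleset otherwise passes traffic.

```shell
#!/bin/sh
# Added example: allowlist for inbound telnet (TCP port 23) using ipfw(8).
# The addresses below are constructed documentation values (RFC 5737).
ALLOWED_HOSTS="192.0.2.10 192.0.2.11 198.51.100.0/24"
TELNET_PORT=23
BASE_RULE=1000      # hypothetical starting rule number

# Print one ipfw command per line; nothing is applied by this function.
telnet_rules() {
    n=$BASE_RULE
    for src in $ALLOWED_HOSTS; do
        # Accept only numeric addresses or CIDR blocks, so a stray hostname
        # or shell metacharacter never reaches the firewall command line.
        case $src in
            *[!0-9./]*) echo "bad address: $src" >&2; return 1 ;;
        esac
        echo "ipfw add $n allow tcp from $src to any $TELNET_PORT"
        n=$((n + 10))
    done
    # Everything else aimed at the telnet port is dropped and logged.
    echo "ipfw add $n deny log tcp from any to any $TELNET_PORT"
}

# Default is a dry run that only prints the rules for review.
# To load them (needs root and IPFW support in the kernel):
#   APPLY=1 sh telnet-allow.sh
if [ "${APPLY:-0}" = 1 ]; then
    telnet_rules | while read -r cmd; do $cmd; done
else
    telnet_rules
fi
```

After loading, `ipfw list` shows the rule order; the deny rule must sit above any rule that would otherwise admit port 23.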


