topic Re: Telnet access list in Operating System - HP-UX

Telnet access list

M. Tariq Ayub — Tue, 21 Dec 2004 23:07:03 GMT

I want to restrict incoming telnet to my server. It is running HP-UX 11i. I will only telnet from that server.

Re: Telnet access list

Patrick Wallek — Tue, 21 Dec 2004 23:09:06 GMT

If you are only going to telnet OUT from that server and NOT IN, then comment the telnetd line from /etc/inetd.conf (or delete it) and run an 'inetd -c' to force inetd to re-read its config files.

Re: Telnet access list

stone_wei — Wed, 22 Dec 2004 00:07:14 GMT

If you want to allow sb telnet from special host maybe you should change your network settings in the router, add some access-list

wei

Re: Telnet access list

Biswajit Tripathy — Wed, 22 Dec 2004 01:04:08 GMT

Another way is to use IPFilter to block all incoming
telnets and allow only outgoing telnets. Configure
the following IPFilter rules:

block in quick proto tcp from any to any port = 23
pass out quick proto tcp from any to any port = 23 flags S keep state

One advantage of using IPFilter over the other
methods already suggested is, you could choose
which IP addresses / IP range to allow and which
to block. You can even control how many telnet
sessions you want to allow from a particular
host.

- Biswajit

Re: Telnet access list

Nguyen Anh Tien — Wed, 22 Dec 2004 01:39:51 GMT

If you want to restrict incomming telnet, list IPs in /var/adm/inetd.sec as following:
#telnet deny 10.0.61.* 10.0.0.99
#ftp deny 10.0.61.* 10.0.95.* 10.0.0.99
telnet allow 10.0.91.* 10.0.96.102-109 10.0.96.113-115
and then issue command;
#inetd -c
If you want to disable telnet, just comment this line in /etc/serivice

ftp-data 20/tcp # File Transfer Protocol (Data)
ftp 21/tcp # File Transfer Protocol (Control)
#telnet 23/tcp # Virtual Terminal Protocol
smtp 25/tcp # Simple Mail Transfer Protocol

#/sbin/init.d/inetd stop
#/sbin/init.d/inetd start