topic Re: How to limit telnet session from some designated clients ? in Operating System - Linux

How to limit telnet session from some designated clients ?

yyghp — Wed, 08 Jun 2005 10:23:48 GMT

How can I limit only several designated clients can telnet my Linux server ?

I know the IPs and the Hostnames of those clients.

Thanks !

Re: How to limit telnet session from some designated clients ?

Steven E. Protter — Wed, 08 Jun 2005 10:34:54 GMT

Use the iptables firewall to deny telnet and then accept only from those ip's you want.

iptables -I INPUT -s 0/0 -p tcp --dport 23 -j DROP
iptables -I INPUT -s -p tcp --deport 23 -j ACCEPT
... repeat for each ip address

Use -A in a firewall startup script.

SEP

Re: How to limit telnet session from some designated clients ?

yyghp — Wed, 08 Jun 2005 10:40:51 GMT

do I have to enable firewall on Linux ? is there any other way except firewall ?
thanks a lot !

Re: How to limit telnet session from some designated clients ?

Gopi Sekar — Wed, 08 Jun 2005 11:23:58 GMT

you can use host access control method to deny access. you can deny access to telnet sessions by putting entries in /etc/hosts.allow and /etc/hosts.deny

check man hosts.allow and hosts.deny for more information.

Regards,
Gopi

Re: How to limit telnet session from some designated clients ?

yyghp — Wed, 08 Jun 2005 11:50:18 GMT

but /etc/hosts.allow and /etc/hosts will block all services, not just telnet.

thanks!

Re: How to limit telnet session from some designated clients ?

xyko_1 — Wed, 08 Jun 2005 13:43:56 GMT

Hi yyghp,

If telnet is configured in xinetd on your system, you can do what you want using only_from parameter on the configuration file.

man xinetd.conf

will help you.

regards,
xyko

Re: How to limit telnet session from some designated clients ?

Steven E. Protter — Wed, 08 Jun 2005 14:41:45 GMT

Honestly, I think the firewall is a good bet.

HP-UX has a file called /var/adm/inetd.sec

This lets you allow and deny hosts by service name AND ip address.

I can't find the functional equivalent in Linux.

SEP

Re: How to limit telnet session from some designated clients ?

Gopi Sekar — Thu, 09 Jun 2005 00:19:11 GMT

hosts.allow and hosts.deny can be configured for individual services. check 'man hosts_access' and 'man hosts_options' to get more info on this.

for your case, you can use like this:
/etc/hosts.allow:

in.telnetd: ALL EXCEPT HOST1, HOST2

you can also setup to send mail to the administrator when some one from the exception list trying to access

Regards,
Gopi

Re: How to limit telnet session from some designated clients ?

Bejoy C Alias — Thu, 09 Jun 2005 08:02:39 GMT

Hi,
u can use iptables to block /allow specific connections. The iptables rpm will be installed by default mostly, otherwise install the rpm . Edit the /etc/sysconfig/iptables file to include ur rules. Note that the rules will be analyzed from top to bottom in that order . So allow connections first , then deny the connections, other wise all the connections will be denied at the first rule set itself.

the entries in iptables file will be like this ...for ur setup..

*filter
-A INPUT -p tcp -m tcp -s --dport 23 -j ACCEPT --syn
.....add entries for each ip....
-A INPUT -p tcp -m tcp -j REJECT --syn

Dear SEP,
Ur idea is correct but it will not allow any telnet connections. The order should be reversed as the rules will be analyzed from top to bottom, in ur reply the connections will be rejected at the very first comparison. The remaining rules will not be checked.