HPE Community
Operating System - Linux
1827877 Members
1495 Online
109969 Solutions
New Discussion

Disable telnet from certain ip

 
R.O.
Esteemed Contributor

‎12-02-2003 07:38 PM

‎12-02-2003 07:38 PM

Disable telnet from certain ip

Hi,

I want to disable telnet in a linux box, but only from certains Ip´s. I know to do this in HPUX, in the file /var/adm/inetd.sec, but how can I do it in red hat?

Th
"When you look into an abyss, the abyss also looks into you"
0 Kudos
Reply
9 REPLIES 9
Mark Grant
Honored Contributor

‎12-02-2003 07:51 PM

‎12-02-2003 07:51 PM

Re: Disable telnet from certain ip

If you use Red Hat or don't mind installing xinetd instead of inetd then you can look at /etc/xinetd.d/telnet and specify an "only_from" line. You would have something like "only_from hostname1 hostname2 etc"

If you are not using xinetd, I think you are ought of luck.
Never preceed any demonstration with anything more predictive than "watch this"
0 Kudos
Reply
R.O.
Esteemed Contributor

‎12-02-2003 07:59 PM

‎12-02-2003 07:59 PM

Re: Disable telnet from certain ip

Hi,

I use xinetd, but wat I want is to specify "not from" or something like this, instead of "only from"

Thanks and regards
"When you look into an abyss, the abyss also looks into you"
0 Kudos
Reply
R.O.
Esteemed Contributor

‎12-02-2003 08:08 PM

‎12-02-2003 08:08 PM

Re: Disable telnet from certain ip

Hi,

I´ve found it. Is putting the clause "no_access" in telnet file.

Thxs & regar
"When you look into an abyss, the abyss also looks into you"
0 Kudos
Reply
James Specht
Trusted Contributor

‎12-03-2003 12:49 AM

‎12-03-2003 12:49 AM

Re: Disable telnet from certain ip

There are two files in /etc. hosts.allow and hosts.deny. In hosts.deny you add the following.

telnet:ALL

This denies telnet to all systems.

In hosts.allow you can add.

telnet:123.123.123.
telnet:servera.abc.com

This will allow only those systems/subnets/IPs listed in the hosts.allow to access your system using telnet.

--Jim
"Everyone can be taught to sculpt: Michelangelo would have had to be taught how not to. So it is with the great programmers."
0 Kudos
Reply
Michael Schulte zur Sur
Honored Contributor

‎12-03-2003 02:26 AM

‎12-03-2003 02:26 AM

Re: Disable telnet from certain ip

Hi,

my idea would be to add this to /etc/profile:
REMOTEIP=expr "`who -m`" : ".*(\(.*\)).*"
case ${REMOTEIP} in
"10.0.0.1"|"10.0.0.2") echo sorry!!;exit;;
esac

greetings,

Michael
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎12-03-2003 11:33 AM

‎12-03-2003 11:33 AM

Re: Disable telnet from certain ip

3 ways to do it.

James mentioned one.

You found a second.

The third is just to firewall it out with 'iptables', i.e.:

iptables -IN INPUT -j DROP -s -p tcp --dport 23

Fun huh? :)
One long-haired git at your service...
0 Kudos
Reply
sujith_2
Occasional Contributor

‎05-10-2004 07:32 PM

‎05-10-2004 07:32 PM

Re: Disable telnet from certain ip

Hi,
I have done it by using webmin utility ( GUI Based System Admin Utility )

In this utility login as root and go to Networking===>Linux Firewall menu

And make one chain to reject from a particular ipaddress. Eg:

Reject If protocol is TCP and source is 192.168.178.134 and input interface is eth1 and destination port is 23

Its very easy...

Sujith
0 Kudos
Reply
Mark Travis
Frequent Advisor

‎05-11-2004 07:51 AM

‎05-11-2004 07:51 AM

Re: Disable telnet from certain ip

The easiest way is tcp wrappers.

man 5 hosts_access on newish redhat systems will take you to the man page.

You can also look at /etc/hosts.allow and /etc/hosts.deny to see a template.
0 Kudos
Reply
Mobeen_1
Esteemed Contributor

‎05-12-2004 06:06 PM

‎05-12-2004 06:06 PM

Re: Disable telnet from certain ip

HO,
I think the best to accomplish this in your existing setup would be using the /etc/hosts.allow and /etc/hosts.deny files.

Edit the file /etc/hosts.allow and make an entry ALL. Then edit file /etc/hosts.deny and make an entry for all the IP addresses which need to be blocked.

Let me know if you have any specific questions.

regards
Mobeen
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.