2.13. Prohibiting Outgoing Telnet Connections
Problem
You want to block outgoing Telnet connections.
Solution
To block all outgoing Telnet connections:
For
iptables:
# iptables -A OUTPUT -p tcp --dport telnet -j REJECT
For ipchains:
# ipchains -A output -p tcp --dport telnet -j REJECT
To block all outgoing Telnet connections except to yourself from yourself:
For iptables:
# iptables -A OUTPUT -p tcp -o lo --dport telnet -j ACCEPT # iptables -A OUTPUT -p tcp --dport telnet -j REJECT
For ipchains:
# ipchains -A output -p tcp -i lo --dport telnet -j ACCEPT # ipchains -A output -p tcp --dport telnet -j REJECT
Discussion
Telnet is notoriously insecure in its most common form, which transmits your login name and password in plaintext over the network. This recipe is a sneaky way to encourage your users to find a more secure alternative, such as ssh. (Unless your users are running Telnet in a secure fashion with Kerberos authentication. [Recipe 4.15])
See Also
iptables(8), ipchains(8), telnet(1).
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
