[ Team LiB ] |
Recipe 2.13 Prohibiting Outgoing Telnet Connections

2.13.1 Problem

You want to block outgoing Telnet connections.

2.13.2 Solution

To block all outgoing Telnet connections:

    # iptables -A OUTPUT -p tcp --dport telnet -j REJECT

For ipchains:

    # ipchains -A output -p tcp --dport telnet -j REJECT

To block all outgoing Telnet connections except to yourself from yourself:

For iptables:

    # iptables -A OUTPUT -p tcp -o lo --dport telnet -j ACCEPT
    # iptables -A OUTPUT -p tcp --dport telnet -j REJECT

For ipchains:

    # ipchains -A output -p tcp -i lo --dport telnet -j ACCEPT
    # ipchains -A output -p tcp --dport telnet -j REJECT

2.13.3 Discussion

Telnet is notoriously insecure in its most common form, which transmits your login name and password in plaintext over the network. This recipe is a sneaky way to encourage your users to find a more secure alternative, such as ssh. (Unless your users are running Telnet in a secure fashion with Kerberos authentication. [Recipe 4.15])

2.13.4 See Also

iptables(8), ipchains(8), telnet(1).
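The loopback exception in the Solution takes effect only because its ACCEPT rule is appended before the REJECT rule, since the first matching rule decides. The check below is an added example, not part of the original recipe: it classifies the rule listing printed by iptables -S OUTPUT. The function name, status strings and sample listings are constructed for illustration, and only plain "--dport 23" rules are recognised.

```shell
#!/bin/sh
# Added example: classify the Telnet egress policy from `iptables -S OUTPUT`
# text read on stdin. Simplification: only plain "--dport 23" rules are
# recognised (no multiport, port ranges, or per-destination matches).
check_telnet_egress() {
    awk '
    $1 == "-A" && $2 == "OUTPUT" && / -p tcp / && / --dport 23( |$)/ {
        n++                                   # position among telnet rules
        lo = ($0 ~ / -o lo( |$)/)             # rule limited to loopback?
        if ($0 ~ / -j (REJECT|DROP)( |$)/) {
            if (!lo && !block) block = n      # first unrestricted block
        } else if ($0 ~ / -j ACCEPT( |$)/) {
            if (lo && !allow_lo) allow_lo = n # first loopback exception
            if (!lo && !block) wide = 1       # broad ACCEPT matches first
        }
    }
    END {
        if (!block || wide)        print "not-blocked"
        else if (!allow_lo)        print "blocked"
        else if (allow_lo < block) print "blocked-except-loopback"
        else                       print "exception-shadowed"
    }'
}

# Constructed sample listings (not captured from a real host).
# RULES_OK: the recipe commands run in the order given.
RULES_OK='-P OUTPUT ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 23 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable'
# RULES_SHADOWED: same rules appended in the opposite order.
RULES_SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -p tcp -m tcp --dport 23 -j ACCEPT'

printf '%s\n' "$RULES_OK" | check_telnet_egress
printf '%s\n' "$RULES_SHADOWED" | check_telnet_egress
# On a live host (as root): iptables -S OUTPUT | check_telnet_egress
```

A result of exception-shadowed means the loopback ACCEPT sits after the REJECT and is never reached, so local Telnet is rejected as well.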