IPCHAINS HELP


Helius
02-26-2001, 05:09 PM
I try to block telnet from internet (ISDN), but want to be able to use telnet in my internal network. I can't figure out how to do this with ipchains...

Could anyone help me???

Fandelem
02-26-2001, 05:44 PM
hmm okay.. we'll call your ISDN box $ISDN but you need to substitute that with the interface (either something like ppp0 or eth0, etc)


# this will allow input on tcp port 23
/sbin/ipchains -A input -i $INTERNAL_INTERFACE -p tcp -s 0/0 1024:65535 -d 0/0 23 -j ACCEPT

# this will block everything on your outer interface on tcp port 23
/sbin/ipchains -A input -i $ISDN -p tcp -s 0/0 1024:65535 -d $OUTER_INTERNET_IP/24 23 -j DENY -l


this will allow tcp port 23 on your internal interface and deny everything coming into your external ($ISDN) interface on tcp port 23.

regards,

~kyle

Pinball
02-26-2001, 05:45 PM
hi, I think this should do it:
ipchains -A input -i extif -s ! localnet -d localnet telnet -l -j REJECT
that would reject (return an icmp-port-unreachable) to everyone on the outside. You should replace:
extif (the interface which connects to the internet)
localnet (your inet address i.e. 192.168.0.0/24).
hope this makes sense :)

Helius
02-26-2001, 06:19 PM
First, thanks...

While I was waiting for replies I figured this out:

ipchains -A input -i ippp0 -p tcp -y --destination-port 23 -j DENY

Will this be secure???

Fandelem
02-26-2001, 08:32 PM
add the -l feature (that's a lowercase L) to log any attempt.

Helius
02-27-2001, 11:20 AM
Thanks again, works great... :D
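For reference, here is the whole ruleset the thread converges on, put together as one script. This is an added example, not code posted by anyone in the thread: the interface names (ippp0, eth0) and the LAN range 192.168.0.0/24 are assumptions, and by default the script only echoes the ipchains commands (a dry run) so it can be checked before being applied with IPCHAINS=/sbin/ipchains.

```shell
#!/bin/sh
# Added example: block telnet arriving from the Internet, keep it usable from the LAN.
# All interface names and addresses below are assumptions; adjust for your box.
EXT_IF="${EXT_IF:-ippp0}"         # assumed: ISDN interface facing the Internet
INT_IF="${INT_IF:-eth0}"          # assumed: internal LAN interface
LAN="${LAN:-192.168.0.0/24}"      # assumed: internal network
# Dry run by default: just print the commands. Set IPCHAINS=/sbin/ipchains to apply them.
IPCHAINS="${IPCHAINS:-echo /sbin/ipchains}"

telnet_rules() {
    # 0. Anti-spoofing: a packet on the external interface must never claim a LAN source,
    #    otherwise rule 2 could be bypassed by forging the source address. Logged with -l.
    $IPCHAINS -A input -i "$EXT_IF" -s "$LAN" -l -j DENY
    # 1. Deny and log any new telnet connection from the outside. -y matches only
    #    SYN packets, so replies to sessions opened from the LAN are not affected.
    $IPCHAINS -A input -i "$EXT_IF" -p tcp -y --destination-port 23 -l -j DENY
    # 2. Accept telnet from the LAN on the internal interface only.
    $IPCHAINS -A input -i "$INT_IF" -p tcp -s "$LAN" --destination-port 23 -j ACCEPT
}

# Dry-run helper: how many of the emitted rules apply to the external interface.
count_ext_rules() {
    telnet_rules | grep -c -- "-i $EXT_IF"
}

telnet_rules
```

The order matters: ipchains walks the input chain top to bottom and stops at the first match, so the DENY rules for the external interface are added before the ACCEPT for the LAN. Denied attempts show up in the kernel log (via klogd/syslog) because of -l, which is what makes outside scans visible afterwards.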