block telnet to specific port

Hello All

I am running Red Hat Linux 7.2 and would like to know how I can block telnetting to a specified port.

Say, for example, I would like to block telnet accesses to port 80.

regards
Xiamin

This webpage might have the answer for you. Check it out.
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-tcpwrappers-xinetd.html

Hi killserv

That was the most helpful link, thank you very much. However, my question still remains unanswered.

regards
Hrishy

What do you mean by "telnet access to port 80"? Incoming? Or outgoing? As far as I am aware, there is no reliable means of knowing which application is producing an incoming request, nor is there any reliable way of blocking outgoing requests based on the application. One of the reasons is that there is no set source port - it just picks one above 1024 that isn't in use, and makes the connection.

Someone let me know if I'm wrong...

Hello

I mean something like this. If there is an incoming request to my server through a telnet session on port 80, those packets should be dropped. Hope I am clear... (I think it can be done through iptables; currently I am reading them, but this thing is not making much sense to me.) ;-D

regards
Hrishy

First of all, the standard telnet port is 23. If you have telnet enabled through inetd.conf...then it's probably the default port of 23. Now to stop port 80 access it's just a little different.

If you had a webserver available on your node....then a person telnetting to it will get the httpd system banner:

**********************
Whatever Linux v2.2.14
Apache vX.X.XX
etc.
**********************

They can then send a GET command using telnet to pull the HTML...this is exactly what a web browser does.

To stop someone from connecting to this port...all you have to do is go into inetd.conf and comment out the HTTP line....which should look something like this:

http stream tcp nowait nobody /var/www/server/httpd httpd

This will shut down the daemon...or "service"......then no one will be able to connect to it. Restart the inetd daemon by issuing the following command:

killall -HUP inetd

BTW, you will NOT be able to block a telnet'd connection to your port....and allow a web browser. To the firewall, they are essentially the same traffic. [TCP from a 1024+ port]

HTH.
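
The point made in the last reply, that a port-based filter sees the same traffic from a telnet session and from a web browser, shown as an added example (not part of the original thread). It assumes a throwaway HTTP server on 127.0.0.1 with an OS-assigned port standing in for port 80; all function and class names are made up for illustration.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

BODY = b"<html>hello</html>"
seen = []  # (client source port, request line) as observed by the server

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        seen.append((self.client_address[1], self.requestline))
        self.send_response(200)
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        self.wfile.write(BODY)

    def log_message(self, *args):  # keep the demo quiet
        pass

def telnet_style_get(port):
    """What a person types into a telnet session: a raw GET over plain TCP."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        data = b""
        while chunk := s.recv(4096):
            data += chunk
    return data

def browser_style_get(port):
    """An HTTP client library, standing in for a web browser."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/")
    page = conn.getresponse().read()
    conn.close()
    return page

def compare_clients():
    seen.clear()
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: OS picks a free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        raw, page = telnet_style_get(port), browser_style_get(port)
    finally:
        server.shutdown()
        server.server_close()
    # All a port-based filter can match on: protocol, dest port, source port range
    views = [("tcp", port, src >= 1024) for src, _ in seen]
    return raw, page, views, [line for _, line in seen]
```

Both clients produce an identical filter view and the same `GET /` request; only the bytes inside the TCP stream (HTTP version, headers) differ, which a rule keyed on ports cannot see.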