Installing and configuring telnet on Ubuntu Linux
- service telnet
- {
- disable = no
- bind = 192.168.1.2
- only_from = 192.168.1.0/24
- # The two lines above restrict this instance to the internal network segment
- instances = UNLIMITED
- nice = 0
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- # server = /usr/sbin/telnetd
- server = /usr/sbin/in.telnetd
- server_args = -a none
- log_on_failure += USERID
- }
- service telnet
- {
- disable = no
- bind = 140.116.142.196
- only_from = 140.116.0.0/16
- no_access = 140.116.32.{10,26}
- # The three lines above apply stricter limits on the external side
- instances = 10
- umask = 022
- nice = 10
- flags = REUSE
- socket_type = stream
- wait = no
- user = root
- # server = /usr/sbin/telnetd
- server = /usr/sbin/in.telnetd
- log_on_failure += USERID
- }
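The second block combines only_from with no_access, and xinetd lets the more specific match for the client address decide. The sketch below is an added example, not part of the original article or of xinetd: it evaluates that rule for the page's external block so the effective policy can be checked before the service is exposed. The function names are hypothetical, and it assumes numeric addresses, CIDR networks and the full a.b.c.{x,y} factorized form only.

```python
import ipaddress
import re

# Constructed sample input: the access-control lines of the page's second
# (external) service block.
EXTERNAL = """
service telnet
{
    bind      = 140.116.142.196
    only_from = 140.116.0.0/16
    no_access = 140.116.32.{10,26}
}
"""

def parse_lists(block):
    """Collect the only_from / no_access values of one service block."""
    acl = {"only_from": [], "no_access": []}
    for line in block.splitlines():
        m = re.match(r"\s*(only_from|no_access)\s+\+?=\s+(.+)", line)
        if m:
            acl[m.group(1)] += m.group(2).split()
    return acl

def expand(entry):
    """Turn one entry into networks; a.b.c.{x,y} becomes two /32 hosts."""
    m = re.fullmatch(r"(\d+\.\d+\.\d+\.)\{([\d,]+)\}", entry)
    if m:
        return [ipaddress.ip_network(m.group(1) + last)
                for last in m.group(2).split(",")]
    return [ipaddress.ip_network(entry, strict=False)]

def best_match(client, entries):
    """Longest prefix among the entries that contain client, or -1."""
    ip = ipaddress.ip_address(client)
    return max((n.prefixlen for e in entries for n in expand(e) if ip in n),
               default=-1)

def allowed(client, acl):
    """xinetd rule: the more specific of only_from / no_access decides."""
    # No only_from list means everyone is a candidate (prefix length 0).
    allow = best_match(client, acl["only_from"]) if acl["only_from"] else 0
    deny = best_match(client, acl["no_access"])
    return allow > deny  # assumption: an exact tie is treated as denied

if __name__ == "__main__":
    acl = parse_lists(EXTERNAL)
    for ip in ("140.116.5.9", "140.116.32.10", "140.116.32.11", "10.0.0.1"):
        print(ip, "allowed" if allowed(ip, acl) else "refused")
```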
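9. Add iptables firewall rules:
If you want to open telnet to the 192.168.0.0/24 segment and to the IP 61.xxx.xxx.xxx, add the following rules. Rules appended with -A are checked in order, so the two ACCEPT rules must come before the final DROP: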
- /sbin/iptables -A INPUT -p tcp -i eth0 -s 192.168.0.0/24 --dport 23 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp -i eth0 -s 61.xxx.xxx.xxx --dport 23 -j ACCEPT
- /sbin/iptables -A INPUT -p tcp -i eth0 --dport 23 -j DROP
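10. The last step of the Ubuntu Linux telnet setup: add the /etc/hosts.allow (deny) mechanism:
The rules above opened the 192.168.0.0/24 segment, but if you only want 192.168.0.1 through 192.168.0.5 to get in, configure it as follows: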
- vi /etc/hosts.allow
- in.telnetd:192.168.0.1,192.168.0.2,192.168.0.3,192.168.0.4,192.168.0.5:allow