From 794962ac85523234d297df6f0a351bb720aedace Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 25 Apr 2017 12:28:26 +0100
Subject: [PATCH] Drop any outgoing telnet connections

---
 src/freedombone-utils-firewall | 13 +++++++++++++
 src/freedombone-utils-setup    |  3 +++
 2 files changed, 16 insertions(+)

diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index ecdea10dd..dc9433998 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -153,6 +153,19 @@ function configure_firewall {
     mark_completed $FUNCNAME
 }
 
+function firewall_drop_telnet {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    # telnet isn't enabled as an input and we can also
+    # drop any outgoing telnet, just in case
+    iptables -A OUTPUT -p tcp --dport telnet -j REJECT
+    iptables -A OUTPUT -p udp --dport telnet -j REJECT
+    function_check save_firewall_settings
+    save_firewall_settings
+    mark_completed $FUNCNAME
+}
+
 function configure_firewall_ping {
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
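Review bot: The two rules added in firewall_drop_telnet cover IPv4 only, so outgoing telnet over IPv6 stays allowed unless ip6tables is handled elsewhere in this file (not visible in this hunk); consider adding `ip6tables -A OUTPUT -p tcp --dport telnet -j REJECT` alongside them. Because the rules are appended with `-A`, an earlier ACCEPT rule in OUTPUT that matches the same traffic would take precedence, so confirm the chain order or insert with `-I OUTPUT` instead. The function also calls `mark_completed $FUNCNAME` without checking the iptables exit status, so a failed rule insertion would be recorded as done and never retried. The match is on destination port 23 only, which the comment could state: `# rejects outbound traffic to port 23 only; telnet on other ports is not affected`.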
diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup
index dd2d14426..91eeca3e2 100755
--- a/src/freedombone-utils-setup
+++ b/src/freedombone-utils-setup
@@ -561,6 +561,9 @@ function setup_firewall {
     function_check configure_firewall_ping
     configure_firewall_ping
 
+    function_check firewall_drop_telnet
+    firewall_drop_telnet
+
     function_check configure_firewall_for_dns
     configure_firewall_for_dns
 
-- 
GitLab