XrLin Packet Node IV3SCP-2:XSCP

XrLin v504s Packet Node {IV3SCP-2:XSCP} ( Thu, 5 Mar 2026 06:48:37 -0001 )
Admin	Chat	Info	Links	Nodes	PMS	Ports	Routes	Stats	Terminal	Users
TELGUEST.ACL(8)         XR32 REFERENCE MANUAL                28/1/2013

NAME
        TELGUEST.ACL -- TELNET Guest Egress Control File (Optional).

DESCRIPTION
        The TELGUEST.ACL file contains "rules" to control which
        destinations are allowed to be accessed by "guest" users
        using the TELNET command.

        The rules allow you to specify which destination IP
        addresses and TCP ports may be accessed by specified
        source IP ranges.

        If the file is not present, or contains no valid rules,
        all destinations are blocked. Attempting to access
        a blocked destination causes the "Access Denied" response.

        If the facility is enabled by suitable entries in
        ACCESS.SYS, "Guest" users are those who access XR32 via
        Telnet, using the password "guest". As it is not known if
        they are genuine Radio Hams, they are prevented from
        downlinking to any AX25 or NetRom destination, but the
        sysop may choose to allow them to access certain other
        destinations using this file.

FORMAT
        The format of the entries in TELGUEST.ACL is the same as
        other .ACL (Access Control List) files.

        Each "rule" is specified on a separate line. Blank lines,
        or lines beginning with ';' or '#' are ignored. The
        maximum line length is 255 characters.

        Within each rule, fields must be separated by one or
        more spaces or tabs. The fields are as follows:

        <action> <src_ip>[/mask] <dst_ip>[/mask] <port(s)>

        The fields have the following meaning:

        <action>   PERMIT  Allow egress
                   DENY    Prevent egress

        <src_ip>   Source IP address (uplinked user).

        <dst_ip>   Destination IP address (target system).

        [mask]     Optional field.
                   Either: No. of bits (0-32) of address to
                           match from left to right,
                   Or:     Subnet mask in form n.n.n.n

        <port(s)>  One or more TCP service numbers (0-65535) on
                   the target system.  Allowed formats are "n",
                   "n,n,n", "n-n" or combination thereof.


        In the <src_ip> and <dst_ip> fields, 0.0.0.0/0 specifies
        "all addresses".

NOTE
        Rule testing stops at the *first* matching "permit" or
        "deny" statement, so it is vital that the list is ordered
        correctly.  For instance, to allow Internet users to
        access all LAN ports except 513 it would be ok to use:

  deny 0.0.0.0/0  192.168.0.0/24  513
  permit 0.0.0.0/0  192.168.0.0/24  1-65535

        but if the entries were reversed, the "permit" rule would
        match every case and the "deny" rule wouldn't be actioned.

EXAMPLES
        ; Allow LAN users to telnet to anyone:
        PERMIT 192.168.0.0/24  0.0.0.0/0  0-65535
        ;
        ; Allow Internet users to telnet only to ports 23
        ; and 80 on the BBS machine:
        PERMIT 0.0.0.0/0  192.168.0.4  80,23
        ;
        ; Allow Amprnet users to access any Amprnet destination
        PERMIT 44.0.0.0/8  44.0.0.0/8  0-65535

FILES
       If required, TELGUEST.ACL must be located in the same
       directory as XR32.EXE.

SEE ALSO
        ACCESS.SYS(8) -- Telnet Access Control File.
        HTTP.ACL(8) -- HTTP Proxy Egress Control File
        SOCKS.ACL(8) -- SOCKS Proxy Egress Control File
        TELPROXY.ACL(8) -- Telnet Proxy Egress Control file.

TELGUEST.ACL(8)               END OF DOCUMENT