XrLin Packet Node IV3SCP-2:XSCP

XrLin v504s Packet Node {IV3SCP-2:XSCP} ( Thu, 5 Mar 2026 06:48:37 -0001 )
Admin	Chat	Info	Links	Nodes	PMS	Ports	Routes	Stats	Terminal	Users
TELPROXY.ACL(8)         XR32 REFERENCE MANUAL                28/1/2013

NAME
        TELPROXY.ACL -- TELNET Proxy Egress Control File (Optional).

DESCRIPTION
        The TELPROXY.ACL file contains "rules" to control which
        destinations are allowed to be accessed via the Telnet
        proxy.

        The rules allow you to specify which destination IP
        addresses and TCP ports may be accessed by specified
        source IP ranges.

        If the file is not present, or contains no valid rules,
        all destinations are blocked. Attempting to access
        a blocked destination causes the proxy session to
        disconnect.

        If the rules in ACCESS.SYS are such that your Telnet proxy
        is accessible without password, then egress control is vital,
        to prevent miscreants using your telnet proxy to access other
        systems while hiding their IP address.

FORMAT
        The format of the entries in TELPROXY.ACL is the same as
        other .ACL (Access Control List) files.

        Each "rule" is specified on a separate line. Blank lines,
        or lines beginning with ';' or '#' are ignored. The
        maximum line length is 255 characters.

        Within each rule, fields must be separated by one or
        more spaces or tabs. The fields are as follows:

        <action> <src_ip>[/mask] <dst_ip>[/mask] <port(s)>

        The fields have the following meaning:

        <action>   PERMIT  Allow egress
                   DENY    Prevent egress

        <src_ip>   Source IP address (uplinked user).

        <dst_ip>   Destination IP address (target system).

        [mask]     Optional field.
                   Either: No. of bits (0-32) of address to
                           match from left to right,
                   Or:     Subnet mask in form n.n.n.n

        <port(s)>  One or more TCP service numbers (0-65535) on
                   the target system.  Allowed formats are "n",
                   "n,n,n", "n-n" or combination thereof.


        In the <src_ip> and <dst_ip> fields, 0.0.0.0/0 specifies
        "all addresses".

NOTE
        Rule testing stops at the *first* matching "permit" or
        "deny" statement, so it is vital that the list is ordered
        correctly.  For instance, to allow Internet users to
        access all LAN ports except 513 it would be ok to use:

  deny 0.0.0.0/0  192.168.0.0/24  513
  permit 0.0.0.0/0  192.168.0.0/24  1-65535

        but if the entries were reversed, the "permit" rule would
        match every case and the "deny" rule wouldn't be actioned.

EXAMPLES
        ; Allow LAN users to tunnel to anyone:
        PERMIT 192.168.0.0/24  0.0.0.0/0  0-65535
        ;
        ; Allow Internet users to tunnel only to certain
        ; ports on the node machine:
        PERMIT 0.0.0.0/0  192.168.0.245  23,87,1448,3600
        ;
        ; Allow Internet users to tunnel only to ports 23
        ; and 80 on the BBS machine:
        PERMIT 0.0.0.0/0  192.168.0.4  80,23
        ;
        ; Allow Amprnet users to access any Amprnet destination
        PERMIT 44.0.0.0/8  44.0.0.0/8  0-65535

FILES
       If required, TELPROXY.ACL must be located in the same
       directory as XR32.EXE.

SEE ALSO
        SOCKS.ACL(8) -- SOCKS Proxy Egress Control File
        TELGUEST.ACL(8) -- Telnet Egress Control for Guest Users.
        HTTP.ACL(8) -- HTTP Proxy Egress Control File

TELPROXY.ACL(8)               END OF DOCUMENT