I'm trying to close the telnet port. I have tried to block it using the Guarddog firewall (internet section), and I tried several commands such as:
iptables -A INPUT -p tcp --destination-port telnet -j DROP
These "several commands" append rules to already existing firewall rules. See them all with "iptables -L -v". The first match wins, so you must check them all...
You could insert the telnet blocking rule as the first one with "-I", i.e.:
iptables -I INPUT -p tcp --dport 23 -j DROP
The right way is to analyze each rule
Also, I would rewrite your rule as:
iptables -A INPUT --dport 23 -j DROP
No point in making your rule tcp specific, as wily crackers can tunnel malicious packets over a different protocol (i.e. UDP, ICMP)
This is clearly illegal and the command obviously fails because the port abstraction is used by both TCP & UDP. You must specify either tcp or udp.
Also, crackers could use any number != 23, so I don't understand your point.
Tunnels could be used in any protocol that the firewall allows. It doesn't invalidate the need for firewalling. You must know what kind of servers your machine runs with netstat. Use "netstat -ltpun"
-l = listening
-t = tcp
-u = udp
-p = process' name
-n = numeric
Final note: keep your servers up to date.
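The two checks the thread recommends, "first match wins, so look at the whole chain" and "know what is listening with netstat -ltpun", as an added shell example that is not part of the thread. Both inputs are constructed samples embedded in the script (a saved "iptables -S INPUT" listing and a netstat -ltpun listing), so it runs offline and without root; the rule matcher is a deliberate simplification that only understands -p, --dport, -i lo and --state RELATED,ESTABLISHED, which is enough to show why an appended DROP never fires behind a broad ACCEPT.

```shell
#!/bin/sh
# Added example, not code from the thread. Inputs below are constructed.

# Constructed "iptables -S INPUT" output: the telnet DROP was appended
# with -A, so it sits behind a rule that already accepts all TCP.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP'

# Same chain after "iptables -I INPUT -p tcp --dport 23 -j DROP":
# -S prints the inserted rule first, still spelled with -A.
SAMPLE_RULES_FIXED='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j ACCEPT'

# Print "<position>:<target>" of the first INPUT rule that would match a
# new inbound TCP connection to port 23 from a non-loopback interface.
# Simplified matcher (assumption): a rule matches unless it names another
# protocol, another --dport, "-i lo", or --state RELATED,ESTABLISHED.
first_match_for_telnet() {
    printf '%s\n' "$1" | awk '
    /^-A INPUT/ {
        n++
        ok = 1
        for (i = 1; i <= NF; i++) {
            if ($i == "-p" && $(i+1) != "tcp") ok = 0
            if ($i == "--dport" && $(i+1) != "23") ok = 0
            if ($i == "-i" && $(i+1) == "lo") ok = 0
            if ($i == "--state" && $(i+1) == "RELATED,ESTABLISHED") ok = 0
        }
        if (ok) { print n ":" $NF; exit }
    }'
}

# Constructed "netstat -ltpun" output with a telnet listener present.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      934/inetd
tcp6       0      0 :::80                   :::*                    LISTEN      1021/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient'

# Print "proto port program" for every socket in netstat -ltpun output.
# Port is whatever follows the last ":" in the local address, which also
# handles IPv6 forms such as ":::80"; the PID/ prefix is stripped.
listening_sockets() {
    printf '%s\n' "$1" | awk '
    $1 ~ /^(tcp|udp)6?$/ {
        port = $4; sub(/.*:/, "", port)
        prog = $NF; sub(/^[0-9]+\//, "", prog)
        print $1, port, prog
    }'
}

# Print the program listening on port 23 and exit 0; exit 1 if none.
telnet_listener() {
    listening_sockets "$1" | awk '$2 == 23 { print $3; found = 1 } END { exit !found }'
}

# Walk-through on the constructed samples.
echo "appended DROP, first matching rule: $(first_match_for_telnet "$SAMPLE_RULES")"
echo "inserted DROP, first matching rule: $(first_match_for_telnet "$SAMPLE_RULES_FIXED")"
echo "listening sockets:"
listening_sockets "$SAMPLE_NETSTAT"
if prog=$(telnet_listener "$SAMPLE_NETSTAT"); then
    echo "port 23 is served by: $prog (stop or disable it rather than only firewalling it)"
fi
```

On a real host, replace the constructed strings with `$(iptables -S INPUT)` and `$(netstat -ltpun)`; the chain check reports "3:ACCEPT" for the appended rule and "1:DROP" once the rule is inserted at the top, which is exactly the difference between -A and -I that the thread describes.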