Issue

We are trying to limit the number of telnet connections from any single source IP address to 10 on RHEL. However, this is not working: each source appears to be able to open an unlimited number of connections. Our configuration limits connections through the per_source value in /etc/xinetd.conf, which is set to 10 as shown below:

# cat /etc/xinetd.conf
defaults
{

cps = 300 2
instances = 50
per_source = 10
}

# cat /etc/xinetd.d/telnet
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd -D report
log_on_failure += USERID
}
Resolution
• Remove the duplicate/backup telnet configuration files from /etc/xinetd.d and restart the xinetd service:

# service xinetd restart

Root Cause
• On startup xinetd reads the /etc/xinetd.conf file followed by the files in /etc/xinetd.d. If a service is defined more than once (duplicate entries or backup copies of the service file), the largest per_source value among those definitions is used for that service, regardless of the order in which the files are read. In this case there was a file in which per_source for telnet was set to UNLIMITED.

Diagnostic Steps
• Check the default setting of the per_source value in /etc/xinetd.conf (the default is 10):

# grep per_source /etc/xinetd.conf
per_source = 10

• Check in /etc/xinetd.d whether more than one file defines telnet (or the service you are interested in):

# grep per_source `grep -l telnet * `
bkp_telnet: per_source = UNLIMITED
telnet: per_source = 20

In the example above there is a backup telnet file with per_source set to UNLIMITED. Although the telnet file itself specifies 20, the larger setting (UNLIMITED) is the one that takes effect.
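As an added example (not part of the original article), the following Python audit script applies the rule from the Root Cause section: it parses xinetd-style stanzas from a set of files, reports every service defined in more than one file, and works out the per_source value that will actually apply (largest wins, with UNLIMITED beating any number; a service that sets no per_source inherits the defaults block). The file paths and contents below are constructed sample data; in practice you would read /etc/xinetd.conf and the files in /etc/xinetd.d into the dictionary.

```python
import re

# Constructed sample: a defaults block plus two files that both define
# "telnet" (a live copy and a stale backup), as in the article.
SAMPLE_FILES = {
    "/etc/xinetd.conf": "defaults\n{\n    instances = 50\n    per_source = 10\n}\n",
    "/etc/xinetd.d/telnet": "service telnet\n{\n    disable = no\n    per_source = 20\n}\n",
    "/etc/xinetd.d/bkp_telnet": "service telnet\n{\n    disable = no\n    per_source = UNLIMITED\n}\n",
    "/etc/xinetd.d/rsync": "service rsync\n{\n    disable = yes\n}\n",
}

# Matches "defaults { ... }" and "service NAME { ... }" stanzas.
STANZA_RE = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.S | re.M)


def parse_stanzas(text):
    """Yield (name, {attribute: value}); name is 'defaults' or the service name."""
    for m in STANZA_RE.finditer(text):
        name = "defaults" if m.group(1) == "defaults" else m.group(2)
        attrs = {}
        for line in m.group(3).splitlines():
            line = line.split("#", 1)[0].strip()       # drop comments
            if "=" in line:
                key, val = line.split("=", 1)
                attrs[key.strip().rstrip("+").strip()] = val.strip()  # treat += like =
        yield name, attrs


def rank(value):
    """Order per_source values so that UNLIMITED is larger than any number."""
    return float("inf") if value.upper() == "UNLIMITED" else int(value)


def effective_per_source(files):
    """Return {service: (effective per_source, [files that define the service])}."""
    default = "UNLIMITED"  # assumed fallback when no defaults block sets per_source
    for text in files.values():                        # pass 1: find the defaults block
        for name, attrs in parse_stanzas(text):
            if name == "defaults" and "per_source" in attrs:
                default = attrs["per_source"]
    per_service = {}                                   # pass 2: collect service definitions
    for path, text in files.items():
        for name, attrs in parse_stanzas(text):
            if name != "defaults":
                per_service.setdefault(name, []).append((path, attrs.get("per_source")))
    result = {}
    for name, entries in per_service.items():
        values = [v for _, v in entries if v is not None] or [default]
        result[name] = (max(values, key=rank), [p for p, _ in entries])
    return result


def duplicated_services(files):
    """Return the names of services defined in more than one file."""
    return sorted(n for n, (_, paths) in effective_per_source(files).items() if len(paths) > 1)
```

Running `effective_per_source(SAMPLE_FILES)` reports telnet as effectively UNLIMITED because of the backup file, while rsync inherits the defaults value of 10.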
