You want to block outgoing Telnet connections.
To block all outgoing Telnet connections:
For iptables:
# iptables -A OUTPUT -p tcp --dport telnet -j REJECT
For ipchains:
# ipchains -A output -p tcp --dport telnet -j REJECT
To block all outgoing Telnet connections except to yourself from yourself:
For iptables:
# iptables -A OUTPUT -p tcp -o lo --dport telnet -j ACCEPT # iptables -A OUTPUT -p tcp --dport telnet -j REJECT
For ipchains:
# ipchains -A output -p tcp -i lo --dport telnet -j ACCEPT # ipchains -A output -p tcp --dport telnet -j REJECT
Telnet is notoriously insecure in its most common form, which transmits your login name and password in plaintext over the network. This recipe is a sneaky way to encourage your users to find a more secure alternative, such as ssh. (Unless your users are running Telnet in a secure fashion with Kerberos authentication. [Recipe 4.15])
iptables(8), ipchains(8), telnet(1).