diff --git a/src/sbbs3/main.cpp b/src/sbbs3/main.cpp
index 5f10745444dc5c1be2761af5d5fcca2a6f23f4f1..1dd312576dffaf886480b73fd4b152f26a24f615 100644
--- a/src/sbbs3/main.cpp
+++ b/src/sbbs3/main.cpp
@@ -5166,20 +5166,22 @@ void DLLCALL bbs_thread(void* arg)
 
 	startup->node_inbuf=node_inbuf;
 
-    /* open a socket and wait for a client */
-    ts_set = xpms_create(startup->bind_retry_count, startup->bind_retry_delay, lprintf);
-    if(ts_set==NULL) {
+	/* open a socket and wait for a client */
+	ts_set = xpms_create(startup->bind_retry_count, startup->bind_retry_delay, lprintf);
+	if(ts_set==NULL) {
 		lprintf(LOG_CRIT,"!ERROR %d creating Terminal Server socket set", ERROR_VALUE);
 		cleanup(1);
 		return;
 	}
-    telnet_cb.protocol="telnet";
-    telnet_cb.startup=startup;
+	if (!(startup->options & BBS_OPT_NO_TELNET)) {
+		telnet_cb.protocol="telnet";
+		telnet_cb.startup=startup;
 
-	/*
-	 * Add interfaces
-	 */
-	xpms_add_list(ts_set, PF_UNSPEC, SOCK_STREAM, 0, startup->telnet_interfaces, startup->telnet_port, "Telnet Server", sock_cb, startup->seteuid, &telnet_cb);
+		/*
+		 * Add interfaces
+		 */
+		xpms_add_list(ts_set, PF_UNSPEC, SOCK_STREAM, 0, startup->telnet_interfaces, startup->telnet_port, "Telnet Server", sock_cb, startup->seteuid, &telnet_cb);
+	}
 
 	if(startup->options&BBS_OPT_ALLOW_RLOGIN) {
 		/* open a socket and wait for a client */
diff --git a/src/sbbs3/sbbscon.c b/src/sbbs3/sbbscon.c
index 22f0474c463da00a690b5eba0240350271dbaffd..5661938602bf33d4bef49c7607c208013cb1f50e 100644
--- a/src/sbbs3/sbbscon.c
+++ b/src/sbbs3/sbbscon.c
@@ -2045,42 +2045,43 @@ int main(int argc, char** argv)
     signal(SIGALRM, SIG_IGN);       /* Ignore "Alarm" signal */
 	_beginthread((void(*)(void*))handle_sigs,0,NULL);
     if(!capabilities_set) { /* capabilities were NOT set, fallback to original handling of thread options */
-    	if(new_uid_name[0]!=0) {        /*  check the user arg, if we have uid 0 */
-    		/* Can't recycle servers (re-bind ports) as non-root user */
-    		/* If DONT_BLAME_SYNCHRONET is set, keeps root credentials laying around */
+		if(new_uid_name[0]!=0) {        /*  check the user arg, if we have uid 0 */
+			/* Can't recycle servers (re-bind ports) as non-root user */
+			/* If DONT_BLAME_SYNCHRONET is set, keeps root credentials laying around */
 #if !defined(DONT_BLAME_SYNCHRONET)
-    		if(!thread_suid_broken) {
-     			if(bbs_startup.telnet_port < IPPORT_RESERVED
-    				|| ((bbs_startup.options & BBS_OPT_ALLOW_RLOGIN)
-    					&& bbs_startup.rlogin_port < IPPORT_RESERVED)
+			if(!thread_suid_broken) {
+				if(((bbs_startup.options & BBS_OPT_NO_TELNET) == 0
+						&& bbs_startup.telnet_port < IPPORT_RESERVED)
+					|| ((bbs_startup.options & BBS_OPT_ALLOW_RLOGIN)
+						&& bbs_startup.rlogin_port < IPPORT_RESERVED)
 #ifdef USE_CRYPTLIB
-    				|| ((bbs_startup.options & BBS_OPT_ALLOW_SSH)
-    					&& bbs_startup.ssh_port < IPPORT_RESERVED)
+					|| ((bbs_startup.options & BBS_OPT_ALLOW_SSH)
+						&& bbs_startup.ssh_port < IPPORT_RESERVED)
 #endif
-    				) {
+					) {
 					lputs(LOG_WARNING, "Disabling Terminal Server recycle support");
-    				bbs_startup.options|=BBS_OPT_NO_RECYCLE;
+					bbs_startup.options|=BBS_OPT_NO_RECYCLE;
 				}
-    			if(ftp_startup.port < IPPORT_RESERVED) {
+				if(ftp_startup.port < IPPORT_RESERVED) {
 					lputs(LOG_WARNING, "Disabling FTP Server recycle support");
-    				ftp_startup.options|=FTP_OPT_NO_RECYCLE;
+					ftp_startup.options|=FTP_OPT_NO_RECYCLE;
 				}
-    			if(web_startup.port < IPPORT_RESERVED) {
+				if(web_startup.port < IPPORT_RESERVED) {
 					lputs(LOG_WARNING, "Disabling Web Server recycle support");
-    				web_startup.options|=BBS_OPT_NO_RECYCLE;
+					web_startup.options|=BBS_OPT_NO_RECYCLE;
 				}
-    			if(((mail_startup.options & MAIL_OPT_ALLOW_POP3)
-    				&& mail_startup.pop3_port < IPPORT_RESERVED)
-    				|| mail_startup.smtp_port < IPPORT_RESERVED) {
+				if(((mail_startup.options & MAIL_OPT_ALLOW_POP3)
+					&& mail_startup.pop3_port < IPPORT_RESERVED)
+					|| mail_startup.smtp_port < IPPORT_RESERVED) {
 					lputs(LOG_WARNING, "Disabling Mail Server recycle support");
-    				mail_startup.options|=MAIL_OPT_NO_RECYCLE;
+					mail_startup.options|=MAIL_OPT_NO_RECYCLE;
 				}
 				/* Perhaps a BBS_OPT_NO_RECYCLE_LOW option? */
 				lputs(LOG_WARNING, "Disabling Services recycle support");
-    			services_startup.options|=BBS_OPT_NO_RECYCLE;
-    		}
+				services_startup.options|=BBS_OPT_NO_RECYCLE;
+			}
 #endif /* !defined(DONT_BLAME_SYNCHRONET) */
-    	}
+		}
     } /* end if(!capabilities_set) */
 	_beginthread(status_thread, 0, &status_startup);
 #endif /* defined(__unix__) */
diff --git a/src/sbbs3/startup.h b/src/sbbs3/startup.h
index a8af8cf80654410dff96781e6fdcd206015345eb..361123d4ad1e108a4391767b270804875d83e9c2 100644
--- a/src/sbbs3/startup.h
+++ b/src/sbbs3/startup.h
@@ -177,6 +177,7 @@ static struct init_field {
 #define BBS_OPT_ALLOW_SSH			(1<<12)	/* Allow logins via BSD SSH			*/
 #define BBS_OPT_NO_DOS				(1<<13) /* Don't attempt to run 16-bit DOS programs */
 #define BBS_OPT_NO_NEWDAY_EVENTS	(1<<14)	/* Don't check for a new day in event thread */
+#define BBS_OPT_NO_TELNET		(1<<15)	/* Don't accept incoming telnet connections */
 #define BBS_OPT_HAPROXY_PROTO   	(1<<26)	/* Incoming requests are via HAproxy */
 #define BBS_OPT_NO_RECYCLE			(1<<27)	/* Disable recycling of server		*/
 #define BBS_OPT_GET_IDENT			(1<<28)	/* Get Identity (RFC 1413)			*/
@@ -190,26 +191,27 @@ static struct init_field {
 #if defined(STARTUP_INI_BITDESC_TABLES)
 static ini_bitdesc_t bbs_options[] = {
 
-	{ BBS_OPT_XTRN_MINIMIZED		,"XTRN_MINIMIZED"		},
-	{ BBS_OPT_AUTO_LOGON			,"AUTO_LOGON"			},
-	{ BBS_OPT_DEBUG_TELNET			,"DEBUG_TELNET"			},
-	{ BBS_OPT_SYSOP_AVAILABLE		,"SYSOP_AVAILABLE"		},
-	{ BBS_OPT_ALLOW_RLOGIN			,"ALLOW_RLOGIN"			},
-	{ BBS_OPT_NO_QWK_EVENTS			,"NO_QWK_EVENTS"		},
-	{ BBS_OPT_NO_TELNET_GA			,"NO_TELNET_GA"			},
-	{ BBS_OPT_NO_EVENTS				,"NO_EVENTS"			},
-	{ BBS_OPT_NO_HOST_LOOKUP		,"NO_HOST_LOOKUP"		},
-	{ BBS_OPT_NO_SPY_SOCKETS		,"NO_SPY_SOCKETS"		},
-	{ BBS_OPT_ALLOW_SSH				,"ALLOW_SSH"			},
-	{ BBS_OPT_NO_DOS				,"NO_DOS"				},
-	{ BBS_OPT_NO_NEWDAY_EVENTS		,"NO_NEWDAY_EVENTS"		},
-	{ BBS_OPT_NO_RECYCLE			,"NO_RECYCLE"			},
-	{ BBS_OPT_GET_IDENT				,"GET_IDENT"			},
-	{ BBS_OPT_NO_JAVASCRIPT			,"NO_JAVASCRIPT"		},
-	{ BBS_OPT_HAPROXY_PROTO			,"HAPROXY_PROTO"		},
-	{ BBS_OPT_MUTE					,"MUTE"					},
+	{ BBS_OPT_XTRN_MINIMIZED   ,"XTRN_MINIMIZED"   },
+	{ BBS_OPT_AUTO_LOGON       ,"AUTO_LOGON"       },
+	{ BBS_OPT_DEBUG_TELNET     ,"DEBUG_TELNET"     },
+	{ BBS_OPT_SYSOP_AVAILABLE  ,"SYSOP_AVAILABLE"  },
+	{ BBS_OPT_ALLOW_RLOGIN     ,"ALLOW_RLOGIN"     },
+	{ BBS_OPT_NO_QWK_EVENTS    ,"NO_QWK_EVENTS"    },
+	{ BBS_OPT_NO_TELNET_GA     ,"NO_TELNET_GA"     },
+	{ BBS_OPT_NO_EVENTS        ,"NO_EVENTS"        },
+	{ BBS_OPT_NO_HOST_LOOKUP   ,"NO_HOST_LOOKUP"   },
+	{ BBS_OPT_NO_SPY_SOCKETS   ,"NO_SPY_SOCKETS"   },
+	{ BBS_OPT_ALLOW_SSH        ,"ALLOW_SSH"        },
+	{ BBS_OPT_NO_DOS           ,"NO_DOS"           },
+	{ BBS_OPT_NO_NEWDAY_EVENTS ,"NO_NEWDAY_EVENTS" },
+	{ BBS_OPT_NO_TELNET        ,"NO_TELNET"        },
+	{ BBS_OPT_NO_RECYCLE       ,"NO_RECYCLE"       },
+	{ BBS_OPT_GET_IDENT        ,"GET_IDENT"        },
+	{ BBS_OPT_NO_JAVASCRIPT    ,"NO_JAVASCRIPT"    },
+	{ BBS_OPT_HAPROXY_PROTO    ,"HAPROXY_PROTO"    },
+	{ BBS_OPT_MUTE             ,"MUTE"             },
 	/* terminator */										
-	{ 0								,NULL					}
+	{ 0                        ,NULL               }
 };
 
 #ifndef STARTUP_INI_JSOPT_BITDESC_TABLE