Selectively refusing TCP connections

Ben Mansell (linux-kernel@slimyhorror.com)
Wed, 23 May 2001 18:59:02 +0100 (BST)


Hi all,

Is there any mechanism in Linux for refusing incoming TCP connections?
I'd like to be able to fetch the next incoming connection on a listen
queue, and selectively accept or reject it based on the IP address of the
client. I know this could be done via firewall rules, but for this case,
I'd like an application to have the final say on whether the connection
will be accepted.

I think XTI used to offer this kind of thing, you could get notification
of a new connection when the initial SYN was received, so you could send
back a RST and finish it there and then. Otherwise, you have to go through
the bother of accepting the connection then closing it down properly. Of
course, since everyone uses sockets, and the socket API doesn't provide
this facility, it looks like this feature has been dropped almost
everywhere.

So, any suggestions?

Thanks,
Ben

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
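The fallback the post mentions (accept, then close) can at least be made cheap: on Linux, closing a socket with SO_LINGER set to {l_onoff=1, l_linger=0} aborts the connection with a RST instead of the orderly FIN exchange, so an application can apply its own per-client policy right after accept(). The example below is added here and is not code from the original message; the allowlist prefixes are constructed sample values, and loopback is deliberately left out of them so the self-test exercises the reject path. Note that this still completes the three-way handshake before the application gets a say, which is exactly what the XTI-style SYN-time refusal avoided, and that a peer IP address is a coarse policy key rather than an authenticator.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed allowlist of client address prefixes (example values only).
 * Loopback is intentionally absent so loopback_demo() hits the reject path. */
static const char *allowed_prefixes[] = { "10.0.0.", "192.168.1." };

/* Policy hook: 1 if the connecting peer's IPv4 address may proceed, else 0. */
int should_accept(const struct sockaddr_in *peer)
{
    char text[INET_ADDRSTRLEN];
    if (peer->sin_family != AF_INET ||
        !inet_ntop(AF_INET, &peer->sin_addr, text, sizeof text))
        return 0;
    for (size_t i = 0; i < sizeof allowed_prefixes / sizeof *allowed_prefixes; i++)
        if (strncmp(text, allowed_prefixes[i], strlen(allowed_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Convenience wrapper: apply the policy to a dotted-quad string. */
int should_accept_str(const char *ip)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1)
        return 0;
    return should_accept(&a);
}

/* Tear the connection down with a RST rather than an orderly FIN:
 * SO_LINGER {l_onoff=1, l_linger=0} makes close() abort the connection
 * and discard any unsent data. Returns 0 on success, -1 on error. */
int reject_with_rst(int fd)
{
    struct linger lg = { .l_onoff = 1, .l_linger = 0 };
    if (setsockopt(fd, SOL_SOCKET, SO_LINGER, &lg, sizeof lg) < 0)
        return -1;
    return close(fd);
}

/* Accept one connection from lfd and apply the policy.
 * Returns the accepted fd if allowed, 0 if refused with a RST, -1 on error. */
int accept_filtered(int lfd)
{
    struct sockaddr_in peer;
    socklen_t plen = sizeof peer;
    int fd = accept(lfd, (struct sockaddr *)&peer, &plen);
    if (fd < 0)
        return -1;
    if (should_accept(&peer))
        return fd;
    return reject_with_rst(fd) == 0 ? 0 : -1;
}

/* Loopback self-test: a client connects, is refused, and its read() should
 * fail with ECONNRESET. Returns 1 if it did, 0 if it saw something else,
 * -1 if the loopback sockets could not be set up at all. */
int loopback_demo(void)
{
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = 0 };
    socklen_t alen = sizeof addr;
    char byte;
    ssize_t n;
    int result = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);

    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd < 0 || cfd < 0)
        goto out;
    if (bind(lfd, (struct sockaddr *)&addr, alen) < 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &alen) < 0 ||  /* learn the ephemeral port */
        listen(lfd, 1) < 0 ||
        connect(cfd, (struct sockaddr *)&addr, alen) < 0)
        goto out;

    if (accept_filtered(lfd) != 0) {   /* 127.0.0.1 is not allowlisted, expect 0 */
        result = 0;
        goto out;
    }
    n = read(cfd, &byte, 1);           /* the RST surfaces here on the client */
    result = (n < 0 && errno == ECONNRESET) ? 1 : 0;
out:
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return result;
}
```

In a real server the accept_filtered() call replaces the plain accept() in the event loop; refused clients see a reset exactly as they would from a closed port, and the server never allocates application state for them. Whether the peer address is a sensible policy key at all depends on the deployment: behind a proxy or NAT every client shares one address, and the kernel-side alternative the post mentions (firewall rules) can drop the SYN before any handshake occurs.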