Thanks for the quick reply. I want to use TCP; is it possible to leverage TCPListener, or do I have to invent my own? It seems I'll face the same issue as I do with TLS?
On Friday, March 15, 2019 at 9:46:00 PM UTC+8, Andrei Tudor Călin wrote:
> Begin by implementing a `net.Listener` which checks the list of allowed IPs.
> You'll be able to run code before the connection is passed on to crypto/tls.
> Wrap it using https://golang.org/pkg/crypto/tls/#NewListener.
>
> On 3/15/19 2:10 PM, Glen Huang wrote:
> > I'm trying to limit which clients are allowed to connect to my TLS server
> > by their IPs.
> >
> > I know I can do that after Accept, check their IPs and close the connection
> > if they're not whitelisted. But that means the full TLS handshake has to
> > complete before I can do that.
> >
> > Another option is that I can use nftables to whitelist clients at the
> > kernel level. But to do that, I either have to spawn a subprocess to call
> > nft, which is kinda slow, or use google/nftables, which isn't production ready
> > yet (also missing some features I need).
> >
> > Is there any way I can drop the TLS connection when a client sends SYN?
> >
> > Thanks in advance.
>
> --
> Andrei Tudor Călin
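A worked version of the approach Andrei describes, added here as an example and not code posted by either participant. It wraps the `*net.TCPListener` that `net.Listen("tcp", ...)` already returns (so nothing has to be invented from scratch), rejects peers by source prefix inside `Accept`, and then hands the wrapper to `tls.NewListener` so crypto/tls only ever sees allowlisted connections. The names `ipAllowlist`, `filteredListener` and `probe` are my own; the code assumes Go 1.19 or later for `net/netip` and `atomic.Uint64`, and `probe` is a loopback self-check rather than a server you would deploy.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"sync/atomic"
	"time"
)

// ipAllowlist is the set of source prefixes permitted to reach the server.
type ipAllowlist struct{ prefixes []netip.Prefix }

func newIPAllowlist(cidrs ...string) (*ipAllowlist, error) {
	a := &ipAllowlist{}
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("allowlist: %w", err)
		}
		a.prefixes = append(a.prefixes, p)
	}
	return a, nil
}

// allows reports whether addr's IP lies inside an allowed prefix. Unmap() lets
// IPv4-mapped peers (::ffff:a.b.c.d) on a dual-stack listener still match IPv4
// prefixes; anything that is not a TCP peer fails closed.
func (a *ipAllowlist) allows(addr net.Addr) bool {
	tcpAddr, ok := addr.(*net.TCPAddr)
	if !ok {
		return false
	}
	ip := tcpAddr.AddrPort().Addr().Unmap()
	for _, p := range a.prefixes {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// filteredListener drops non-allowlisted peers inside Accept, so the TLS
// layer stacked on top never sees them and spends no handshake work.
type filteredListener struct {
	net.Listener
	allow    *ipAllowlist
	rejected atomic.Uint64 // dropped-peer count, for metrics or logging
}

func (l *filteredListener) Accept() (net.Conn, error) {
	for {
		c, err := l.Listener.Accept()
		if err != nil {
			return nil, err
		}
		if l.allow.allows(c.RemoteAddr()) {
			return c, nil
		}
		c.Close() // FIN goes out before a single TLS byte is read
		l.rejected.Add(1)
	}
}

// probe builds the full stack on loopback with a one-entry allowlist, dials it
// once from 127.0.0.1 and reports whether crypto/tls was handed the peer.
func probe(cidr string) (accepted bool, dropped uint64, err error) {
	allow, err := newIPAllowlist(cidr)
	if err != nil {
		return false, 0, err
	}
	inner, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, 0, err
	}
	defer inner.Close()
	fl := &filteredListener{Listener: inner, allow: allow}
	// The shape from the thread: the IP filter sits under crypto/tls. A real
	// server sets Certificates here; the probe never reaches the handshake.
	ln := tls.NewListener(fl, &tls.Config{MinVersion: tls.VersionTLS12})
	client, err := net.Dial("tcp", ln.Addr().String()) // now queued in the backlog
	if err != nil {
		return false, 0, err
	}
	defer client.Close()
	// A dropped peer leaves Accept looping with nothing to return, so bound the wait.
	inner.(*net.TCPListener).SetDeadline(time.Now().Add(500 * time.Millisecond))
	c, err := ln.Accept()
	var ne net.Error
	if errors.As(err, &ne) && ne.Timeout() {
		return false, fl.rejected.Load(), nil // only a dropped peer gets us here
	}
	if err != nil {
		return false, 0, err
	}
	c.Close()
	return true, fl.rejected.Load(), nil
}
```

Two things worth keeping in mind when deploying this. First, it answers the cost question from the thread but not the SYN question: by the time `Accept` returns, the kernel has already completed the TCP handshake, so the wrapper saves the TLS handshake (and the CPU an unwanted peer could burn on it) but cannot refuse the connection at SYN; that still needs a packet filter such as nftables. Second, the check keys on the peer address the kernel reports, so if the listener sits behind a load balancer or proxy every connection will carry the proxy's address and the allowlist must be applied there instead.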