> On Aug 9, 2015, at 9:07 AM, Cory Benfield <c...@lukasa.co.uk> wrote:
> 
> 
>> On 8 Aug 2015, at 08:07, Chris Norman <chris.norm...@googlemail.com> wrote:
>> 
>> Hi all,
>> I am using Twisted to make a game server. I want to be able to ban IP 
>> addresses. Currently I check if the host is in a blacklist, and if it is, 
>> call abortConnection on the transport. It works fine, but I'm thinking there 
>> should be a better way, to actively refuse the connection in the first place?
> 
> I am not aware of any hook in the BSD socket API that lets you refuse a 
> connection entirely. Generally, you put a socket into ‘listen’ mode 
> (indicating to the OS that you’ll accept new connections), and then you call 
> accept() to get the new connection. In fact, the OS will accept the 
> connection even before you call accept(): it’ll do it asynchronously, and you 
> will just get the FD for the connection. IIRC Windows has a winsock specific 
> thing that might do what you want, but that’s pretty platform specific and 
> probably doesn’t actually prevent the connection getting established anyway.
> 
> If you really want to never allow the connection at all, you’ll probably want 
> to program iptables (or some other firewall if you aren’t on Linux) to do the 
> packet filtering for you. A combination of iptables and ipsets will get you a 
> high-performance IP address blacklist that will drop all packets before they 
> ever reach your application.


There is a shortcut in Twisted, at least, although it does not actually refuse 
the initial connection for the reasons listed above; you can examine the "addr" 
passed to IProtocolFactory.buildProtocol and return None.

-glyph
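
The `buildProtocol` shortcut described above, as an added example that is not part of the original thread or Twisted's own code: a mixin that returns `None` for banned peers, matching CIDR ranges and IPv4-mapped IPv6 addresses. The names `BanListMixin`, `parse_bans`, `GameFactory` and `Echo`, the port, and the sample ban entries are assumptions made for illustration. As the thread notes, the TCP handshake has already completed by the time this check runs.

```python
import ipaddress


def parse_bans(entries):
    """Turn address/CIDR strings into network objects (a bare address becomes a /32 or /128)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


class BanListMixin:
    """Place ahead of a Twisted Factory in the bases to vet peers in buildProtocol."""

    banned = ()  # list from parse_bans(), set on the subclass

    def is_banned(self, host):
        try:
            ip = ipaddress.ip_address(host.split("%", 1)[0])  # drop any IPv6 zone id
        except ValueError:
            return True  # peer address we cannot parse: fail closed
        # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        return any(ip in net for net in self.banned)

    def buildProtocol(self, addr):
        if self.is_banned(addr.host):
            return None  # no protocol is built; Twisted closes the accepted socket
        return super().buildProtocol(addr)


def main():
    # Imported here so the ban logic above can be exercised without Twisted installed.
    from twisted.internet import reactor
    from twisted.internet.protocol import Factory, Protocol

    class Echo(Protocol):  # stand-in for the game protocol
        def dataReceived(self, data):
            self.transport.write(data)

    class GameFactory(BanListMixin, Factory):
        protocol = Echo
        # Constructed sample entries from the documentation address ranges
        banned = parse_bans(["203.0.113.7", "198.51.100.0/24", "2001:db8::/32"])

    reactor.listenTCP(4000, GameFactory())  # port 4000 is an arbitrary choice
    reactor.run()


if __name__ == "__main__":
    main()
```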

_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
