Hello, > On 10 Aug 2015, at 03:32, Glyph <[email protected]> wrote: > >> >> On Aug 9, 2015, at 9:07 AM, Cory Benfield <[email protected] >> <mailto:[email protected]>> wrote: >> >> >>> On 8 Aug 2015, at 08:07, Chris Norman <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi all, >>> I am using Twisted to make a game server. I want to be able to ban IP >>> addresses. Currently I check if the host is in a blacklist, and if it is, >>> call abortConnection on the transport. It works fine, but I'm thinking >>> there should be a better way, to actively refuse the connection in the >>> first place? >> >> I am not aware of any hook in the BSD socket API that lets you refuse a >> connection entirely. Generally, you put a socket into ‘listen’ mode >> (indicating to the OS that you’ll accept new connections), and then you call >> accept() to get the new connection. In fact, the OS will accept the >> connection even before you call accept(): it’ll do it asynchronously, and >> you will just get the FD for the connection. IIRC Windows has a winsock >> specific thing that might do what you want, but that’s pretty platform >> specific and probably doesn’t actually prevent the connection getting >> established anyway. >> >> If you really want to never allow the connection at all, you’ll probably >> want to program iptables (or some other firewall if you aren’t on Linux) to >> do the packet filtering for you. A combination of iptables and ipsets will >> get you a high-performance IP address blacklist that will drop all packets >> before they ever reach your application. > > > There is a shortcut in Twisted, at least, although it does not actually > refuse the initial connection for the reasons listed above; you can examine > the "addr" passed to IProtocolFactory.buildProtocol and return None.
This is perfect, thanks. It would have been better to refuse the connection entirely, but as Corey said, I can use iptables if I get desperate. > > -glyph > > _______________________________________________ > Twisted-Python mailing list > [email protected] <mailto:[email protected]> > http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python > <http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python>
_______________________________________________ Twisted-Python mailing list [email protected] http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
