Re: [Twisted-Python] Blacklisting hosts

2015-08-09 Thread Glyph

> On Aug 9, 2015, at 9:07 AM, Cory Benfield wrote:
> 
> 
>> On 8 Aug 2015, at 08:07, Chris Norman wrote:
>> 
>> Hi all,
>> I am using Twisted to make a game server. I want to be able to ban IP 
>> addresses. Currently I check if the host is in a blacklist, and if it is, 
>> call abortConnection on the transport. It works fine, but I'm thinking there 
>> should be a better way, to actively refuse the connection in the first place?
> 
> I am not aware of any hook in the BSD socket API that lets you refuse a 
> connection entirely. Generally, you put a socket into ‘listen’ mode 
> (indicating to the OS that you’ll accept new connections), and then you call 
> accept() to get the new connection. In fact, the OS will accept the 
> connection even before you call accept(): it’ll do it asynchronously, and you 
> will just get the FD for the connection. IIRC Windows has a winsock specific 
> thing that might do what you want, but that’s pretty platform specific and 
> probably doesn’t actually prevent the connection getting established anyway.
> 
> If you really want to never allow the connection at all, you’ll probably want 
> to program iptables (or some other firewall if you aren’t on Linux) to do the 
> packet filtering for you. A combination of iptables and ipsets will get you a 
> high-performance IP address blacklist that will drop all packets before they 
> ever reach your application.


There is a shortcut in Twisted, at least, although it does not actually refuse 
the initial connection for the reasons listed above; you can examine the "addr" 
passed to IProtocolFactory.buildProtocol and return None.

-glyph

___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
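
The buildProtocol shortcut from the message above, as an added example that is not part of the original post or of Twisted's own code. BlocklistMixin, parse_blocklist, GameFactory, Echo, port 8007 and the sample ranges are hypothetical names and values chosen for illustration.

```python
import ipaddress


def parse_blocklist(entries):
    """Turn address/CIDR strings into ipaddress network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


class BlocklistMixin:
    """Mix in ahead of a Twisted Factory to drop peers listed in `blocked`."""

    blocked = ()  # networks from parse_blocklist()

    def is_blocked(self, host):
        try:
            # Drop any IPv6 zone id ("fe80::1%eth0") before parsing.
            ip = ipaddress.ip_address(str(host).split("%")[0])
        except ValueError:
            return True  # design choice in this sketch: fail closed
        # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d.
        if ip.version == 6 and ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        return any(net.version == ip.version and ip in net
                   for net in self.blocked)

    def buildProtocol(self, addr):
        if self.is_blocked(getattr(addr, "host", "")):
            # The kernel has already completed the handshake; Twisted
            # closes the accepted socket when the factory returns None.
            return None
        return super().buildProtocol(addr)


if __name__ == "__main__":
    from twisted.internet import reactor  # requires Twisted
    from twisted.internet.protocol import Factory, Protocol

    class Echo(Protocol):
        def dataReceived(self, data):
            self.transport.write(data)

    class GameFactory(BlocklistMixin, Factory):
        protocol = Echo
        # Constructed sample entries (documentation ranges).
        blocked = parse_blocklist(["203.0.113.0/24", "2001:db8::/32"])

    reactor.listenTCP(8007, GameFactory())
    reactor.run()
```

The check runs only after the TCP handshake has completed, so a blocked peer still sees the connection open and then close; dropping packets before they reach the application is the firewall's job, as discussed in the thread.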


Re: [Twisted-Python] Blacklisting hosts

2015-08-09 Thread Cory Benfield

> On 8 Aug 2015, at 08:07, Chris Norman wrote:
> 
> Hi all,
> I am using Twisted to make a game server. I want to be able to ban IP 
> addresses. Currently I check if the host is in a blacklist, and if it is, 
> call abortConnection on the transport. It works fine, but I'm thinking there 
> should be a better way, to actively refuse the connection in the first place?

I am not aware of any hook in the BSD socket API that lets you refuse a 
connection entirely. Generally, you put a socket into ‘listen’ mode (indicating 
to the OS that you’ll accept new connections), and then you call accept() to 
get the new connection. In fact, the OS will accept the connection even before 
you call accept(): it’ll do it asynchronously, and you will just get the FD for 
the connection. IIRC Windows has a winsock specific thing that might do what 
you want, but that’s pretty platform specific and probably doesn’t actually 
prevent the connection getting established anyway.

If you really want to never allow the connection at all, you’ll probably want 
to program iptables (or some other firewall if you aren’t on Linux) to do the 
packet filtering for you. A combination of iptables and ipsets will get you a 
high-performance IP address blacklist that will drop all packets before they 
ever reach your application.

Cory






[Twisted-Python] Updates on the Twisted Buildbots

2015-08-09 Thread Amber "Hawkie" Brown

Hi everyone,

If you haven't looked at the buildbots for a while, there have been some changes! 
(for brevity's sake, unsupported builders will be prefixed with a U, e.g. "U2.7")

- Fedora 17 (2.7), 18 (2.7), 19 (2.7, 3.3), and RHEL6 (2.6) are removed, and 
replaced by RHEL7 (2.7), Fedora 21 (2.7, 3.4), Fedora 22 (U2.7, U3.4, to be 
fixed very soon, UPyPy2.4). RHEL6 will return with the 2.7 EPEL soon.
- FreeBSD 10.1 is supported on both Py2.7 and Py3.4.
- OS X 10.6 has been removed and OS X 10.10 has been added (2.7-select 
supported, kqueue and cfreactor both unsupported).
- Ubuntu 15.04 is now a supported platform (2.7, 3.4) and has unsupported PyPy 
(2.5) and Jython (2.7) builders.
- All of the builders (excepting Windows) are built and run in a virtualenv. 
This means that they have up-to-date dependencies, and if Twisted gains 
dependencies, the infra team can add them to the build process easily.

Twisted Regards,

Amber "Hawkie" Brown
GPG: https://keybase.io/hawkowl


