Hello,

> On 10 Aug 2015, at 03:32, Glyph <gl...@twistedmatrix.com> wrote:
> 
>> 
>> On Aug 9, 2015, at 9:07 AM, Cory Benfield <c...@lukasa.co.uk> wrote:
>> 
>> 
>>> On 8 Aug 2015, at 08:07, Chris Norman <chris.norm...@googlemail.com> wrote:
>>> 
>>> Hi all,
>>> I am using Twisted to make a game server. I want to be able to ban IP 
>>> addresses. Currently I check if the host is in a blacklist, and if it is, 
>>> call abortConnection on the transport. It works fine, but I'm thinking 
>>> there should be a better way, to actively refuse the connection in the 
>>> first place?
>> 
>> I am not aware of any hook in the BSD socket API that lets you refuse a 
>> connection entirely. Generally, you put a socket into ‘listen’ mode 
>> (indicating to the OS that you’ll accept new connections), and then you call 
>> accept() to get the new connection. In fact, the OS will accept the 
>> connection even before you call accept(): it’ll do it asynchronously, and 
>> you will just get the FD for the connection. IIRC Windows has a winsock 
>> specific thing that might do what you want, but that’s pretty platform 
>> specific and probably doesn’t actually prevent the connection getting 
>> established anyway.
>> 
>> If you really want to never allow the connection at all, you’ll probably 
>> want to program iptables (or some other firewall if you aren’t on Linux) to 
>> do the packet filtering for you. A combination of iptables and ipsets will 
>> get you a high-performance IP address blacklist that will drop all packets 
>> before they ever reach your application.
> 
> 
> There is a shortcut in Twisted, at least, although it does not actually 
> refuse the initial connection for the reasons listed above; you can examine 
> the "addr" passed to IProtocolFactory.buildProtocol and return None.

This is perfect, thanks. It would have been better to refuse the connection 
entirely, but as Cory said, I can use iptables if I get desperate.

> 
> -glyph
> 
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

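An added example, not code from the thread or from Twisted: a plain-socket sketch of the behaviour discussed above, where the kernel completes the TCP handshake before accept() is called, so an application-level ban list can only close a connection that already exists. The loopback listener, the ban lists and the function names are constructed for the demonstration.

```python
import ipaddress
import socket


def is_banned(host, banned_networks):
    """True if host falls inside any banned CIDR block."""
    ip = ipaddress.ip_address(host)
    return any(ip in ipaddress.ip_network(net) for net in banned_networks)


def accept_filtered(listener, banned_networks):
    """accept() one connection; close it and return None if the peer is banned."""
    conn, (host, _port) = listener.accept()
    if is_banned(host, banned_networks):
        # The handshake has already happened; this only tears the connection down.
        conn.close()
        return None
    return conn


def demo(banned_networks):
    """Return (client connected before accept, server kept it, bytes client saw)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # ephemeral loopback port (constructed setup)
    listener.listen(5)
    listener.settimeout(2)
    try:
        # connect() succeeds although the server has not called accept() yet.
        client = socket.create_connection(listener.getsockname(), timeout=2)
        connected_before_accept = client.getpeername() == listener.getsockname()
        conn = accept_filtered(listener, banned_networks)
        if conn is not None:
            conn.sendall(b"ok")
            conn.close()
        client_saw = client.recv(16)  # b"" means the server closed on us
        client.close()
        return connected_before_accept, conn is not None, client_saw
    finally:
        listener.close()


if __name__ == "__main__":
    print("loopback banned: ", demo(["127.0.0.0/8"]))
    print("loopback allowed:", demo(["203.0.113.0/24"]))
```

In both runs the client's connect() succeeds; only a packet filter in front of the listener, such as the iptables and ipset combination mentioned above, stops the handshake itself.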