I had looked into that, but I could not figure out where to add it. The entire process of accepting the connection and doing the necessary SSH things to get the port forward working is handled entirely by Mina / SSHD; there is no place for my application code to get into that process and mess with the IoSession or SocketAcceptor.
I had thought down the filter road before, and I believe I would need something like an NioSocketAcceptorFactory (a new interface) that the TcpipForwardSupport uses in initialize(), giving me a chance to wire in whatever additional Filters I want? -Bill On Mon, Apr 18, 2011 at 9:36 AM, Ashish <paliwalash...@gmail.com> wrote: > IMHO, using BlacklistFilter would be a better option > > Check out org.apache.mina.filter.firewall.BlacklistFilter > > thanks > ashish > > On Mon, Apr 18, 2011 at 6:49 PM, Bill Kuker <bku...@martellotech.com> > wrote: > > Hello. > > > > I am currently using the ForwardingFilter's canListen() & canConnect() > > functions in my application to control which port forwards SSH clients > are > > allowed to create. I would like to also be able to filter incoming > > connections to listening port forwards. For the moment I added a method > to > > the ForwardingFilter interface: > > > > boolean isAllowed(InetSocketAddress sourceAddress, InetSocketAddress > > destinationAddress, ServerSession session); > > > > And check with it from TcpipForwardSupport's sessionCreated() function. > > > > > > I think this is a useful capability for applications with embedded SSH > > servers, and would like to submit a patch, rather than re-applying it to > > each release, but I wanted to ask if there would be a better, more likely > to > > be accepted, design for it, and also ask if I have just missed a less > > obvious way to accomplish this with the existing code. > > > > Thanks, > > > > Bill > > > > > > -- > thanks > ashish > > Blog: http://www.ashishpaliwal.com/blog > My Photo Galleries: http://www.pbase.com/ashishpaliwal >
