Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!uunet!in3.uu.net!206.229.87.25!news-peer.sprintlink.net!news.sprintlink.net!Sprint!EU.net!main.Germany.EU.net!news-reader.Dortmund.Germany.EU.net!not-for-mail
From: knob@wizards.staff.Germany.EU.net (Bernard Steiner)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Accept()-ing a connection from a specific IP address...
Date: 21 May 1997 21:48:32 GMT
Organization: Customer of EUnet Germany; Info: info@Germany.EU.net
Lines: 32
Sender: bs@wizards.staff.Germany.EU.net
Message-ID: <5lvqjg$7rq$1@goof.Germany.EU.net>
References: <864144757.18711@dejanews.com> <EAHuuM.129@sphynx.fdn.fr>
NNTP-Posting-Host: peu-81.do.eunet.de
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.7
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41498

In article <EAHuuM.129@sphynx.fdn.fr>, causse@sphynx.fdn.fr (Philippe Causse) writes:
> moballa@WESTECHMobile.com wrote:
>: Is there any way to use the Accept() routine to only accept a connection
>: from a specific IP address? Currently my program accepts a connection
>: from anyone issuing a connect() call to it. I would like to specify that
>: it should only accept a connection from a particular IP address.

> After you created your `listening' socket:
> 1) bind it to the interface you wish to accept calls from
>    (getnetent could help)

That helps in cases where you wish to service requests only on a particular
interface (or similar).

> 2) When accept() returns, check the peer address and if
>    the address is not an "allowed one", you should immediately
>    close the returned socket.

That does not help really, since AFAIK accept() does a three-way handshake and
closing the connection immediately is quite different from not accepting it.

What I would like to know is whether or not it is now possible to
(a) use the rcvmsg() (or was that recvfrom() ?) calls for bound TCP sockets
*and*
(b) somehow discard TCP SYNs from illegitimate addresses and optionally tell
the other side we are refusing connections ?

> Other option (simpler, faster): use the tcp_wrappers library !

You mean reverse-engineer the thing ;-)

Bernard
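
The bind-then-check-peer approach discussed in this thread, as an added example that is not part of the original post. The function names, the loopback address and port 7777 are assumptions; the rejection happens after `accept()` returns, so the refused peer sees a connection that opens and is then reset.

```c
/* Added example, not from the thread; names, address and port are illustrative. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Return 1 if the peer's IPv4 address equals dotted-quad `allowed`, else 0. */
int peer_allowed(const struct sockaddr_in *peer, const char *allowed)
{
    struct in_addr want;
    if (peer->sin_family != AF_INET) return 0;
    if (inet_pton(AF_INET, allowed, &want) != 1) return 0; /* bad entry: deny */
    return peer->sin_addr.s_addr == want.s_addr;
}

/* Step 1: listen only on the local interface address `ip`. Returns fd or -1. */
int listen_on(const char *ip, unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (inet_pton(AF_INET, ip, &sa.sin_addr) == 1 &&
        bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0 && listen(fd, 16) == 0)
        return fd;
    close(fd);
    return -1;
}

/* Step 2: accept, then check the peer; the handshake is already complete here.
 * Returns the connected fd, -1 if the peer was rejected, -2 if accept() failed. */
int accept_from(int lfd, const char *allowed)
{
    struct sockaddr_in peer = { 0 };
    socklen_t len = sizeof peer;
    struct linger lg = { .l_onoff = 1, .l_linger = 0 };
    int fd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (fd < 0) return -2;
    if (peer_allowed(&peer, allowed)) return fd;
    setsockopt(fd, SOL_SOCKET, SO_LINGER, &lg, sizeof lg); /* close() sends RST */
    close(fd);
    return -1;
}

int main(void)
{
    int fd, lfd = listen_on("127.0.0.1", 7777); /* constructed address and port */
    while (lfd >= 0 && (fd = accept_from(lfd, "127.0.0.1")) != -2)
        if (fd >= 0) close(fd); /* allowed peer: serve it here, then close */
    return 1;
}
```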