Hello all,

Following up on this, I made a patch (attached), could you please review and apply if it looks ok?
The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp connection attempt, so we can use this to gracefully drain kamailio.

Thanks & Regards,

David Villasmil
phone: +34669448337

Forwarded Conversation
Subject: Reject TCP SYN
------------------------

From: David Villasmil <david.villasmil.work@gmail.com>
Date: Thu, Feb 8, 2024 at 2:27 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>


Hello all,

Is there any way of actually rejecting (RST) NEW tcp connection attempts, while allowing the ongoing ones to finish naturally?

I’m thinking maybe we can add this feature?

Regards,

David Villasmil
phone: +34669448337


----------
From: Henning Westerholt <hw@gilawa.com>
Date: Fri, Feb 9, 2024 at 2:08 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: David Villasmil <david.villasmil.work@gmail.com>


Hello,

 

what about e.g. just using something like iptables, nftables etc..?

 

iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT --reject-with icmp-host-prohibited

 

Cheers,

 

Henning



----------
From: David Villasmil <david.villasmil.work@gmail.com>
Date: Fri, Feb 9, 2024 at 2:42 PM
To: Henning Westerholt <hw@gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>



Hey, Henning, yeah I thought about that, but thought that maybe there was a better way to do it via Kamailio

Thanks!

Regards,

David Villasmil
phone: +34669448337