Hello David,
so far nobody responded to this e-mail. Maybe you can make a pull request from it, just to not lose it. Then developers could review and comment on it.
Cheers,
Henning
From: David Villasmil via sr-dev <sr-dev@lists.kamailio.org>
Sent: Sunday, 11 February 2024 12:55
To: Kamailio (SER) - Development Mailing List <sr-dev@lists.kamailio.org>
Cc: David Villasmil <david.villasmil.work@gmail.com>
Subject: [sr-dev] Fwd: Reject TCP SYN
Hello all,
Following up on this, I made a patch (attached), could you please review and apply if it looks ok?
The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp connection attempt, so we can use this to gracefully drain kamailio.
Forwarded Conversation
Subject: Reject TCP SYN
------------------------
From: David Villasmil <david.villasmil.work@gmail.com>
Date: Thu, Feb 8, 2024 at 2:27 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Hello all,
Is there any way of actually rejecting (RST) NEW tcp connection attempts, while allowing the ongoing ones to finish naturally?
I’m thinking maybe we can add this feature?
----------
From: Henning Westerholt <hw@gilawa.com>
Date: Fri, Feb 9, 2024 at 2:08 PM
To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Cc: David Villasmil <david.villasmil.work@gmail.com>
Hello,
what about e.g. just using something like iptables, nftables etc.?
iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT --reject-with icmp-host-prohibited
Cheers,
Henning
----------
From: David Villasmil <david.villasmil.work@gmail.com>
Date: Fri, Feb 9, 2024 at 2:42 PM
To: Henning Westerholt <hw@gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Hey, Henning, yeah I thought about that, but thought that maybe there was a better way to do it via Kamailio.
Thanks!
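The firewall-based drain discussed in this thread, as an added example that is not part of the original e-mails or of the Kamailio source: it builds a rule that answers new SYNs with an RST (`--reject-with tcp-reset`, a variant of the rule quoted above) and waits until no established connection remains on the port. The function names, port 5060, the 5-second poll interval and the sample `ss` output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: drain a TCP listener by refusing new SYNs and waiting for
# established connections to finish. Hypothetical helper names throughout.

# Print the iptables arguments that insert (I) or delete (D) the reject rule.
# -I puts the rule ahead of any existing ACCEPT rule for the port.
drain_rule() {
    case "$1" in I|D) ;; *) echo "action must be I or D" >&2; return 1 ;; esac
    case "$2" in ''|*[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    echo "-$1 INPUT -p tcp --syn --dport $2 -j REJECT --reject-with tcp-reset"
}

# Count established connections on local port $1 in `ss -Htn` output on stdin.
# The port is the text after the last colon, so IPv6 literals work too.
count_established() {
    awk -v port="$1" '$1 == "ESTAB" { n = split($4, a, ":"); if (a[n] == port) c++ }
                      END { print c + 0 }'
}

# Constructed sample of `ss -Htn` output (documentation address ranges).
sample_ss() {
    cat <<'EOF'
ESTAB     0 0 192.0.2.10:5060      198.51.100.7:41822
ESTAB     0 0 [2001:db8::10]:5060  [2001:db8::7]:50112
TIME-WAIT 0 0 192.0.2.10:5060      198.51.100.9:40001
ESTAB     0 0 192.0.2.10:22        203.0.113.5:53311
EOF
}

# Insert the rule, then poll until no established connection remains.
# DRY_RUN=1 (the default) only prints the iptables command and does not wait.
# Delete the rule afterwards with: iptables $(drain_rule D <port>)
drain() {
    rule=$(drain_rule I "$1") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables $rule"
        return 0
    fi
    # $rule is deliberately unquoted: it is a validated, space-separated list.
    iptables $rule || return 1
    while [ "$(ss -Htn | count_established "$1")" -gt 0 ]; do sleep 5; done
}
```

Run `drain 5060` for a dry run; set `DRY_RUN=0` and run as root to apply the rule and wait.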