Hello all,
Following up on this, I made a patch (attached), could you please review and apply if it looks ok? The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp connection attempt, so we can use this to gracefully drain kamailio.
Thanks & Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
Forwarded Conversation Subject: Reject TCP SYN ------------------------
From: David Villasmil david.villasmil.work@gmail.com Date: Thu, Feb 8, 2024 at 2:27 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org
Hello all,
Is there any way of actually rejecting (RST) NEW tcp connection attempts, while allowing the ongoing ones to finish naturally?
I’m thinking maybe we can add this feature?
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
---------- From: Henning Westerholt hw@gilawa.com Date: Fri, Feb 9, 2024 at 2:08 PM To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org Cc: David Villasmil david.villasmil.work@gmail.com
Hello,
what about e.g. just using something like iptables, nftables etc..?
iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT --reject-with icmp-host-prohibited
Cheers,
Henning
---------- From: David Villasmil david.villasmil.work@gmail.com Date: Fri, Feb 9, 2024 at 2:42 PM To: Henning Westerholt hw@gilawa.com Cc: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org
Hey, Henning, yeah I thought about that, but thought that maybe there was a better way to do it via Kamailio
Thanks!
Regards,
David Villasmil email: david.villasmil.work@gmail.com phone: +34669448337
Hello David,
so far nobody responded to this e-mail. Maybe you can make a pull request from it, just to not loose it. Then developers could review and comment on it.
Cheers,
Henning
From: David Villasmil via sr-dev sr-dev@lists.kamailio.org Sent: Sonntag, 11. Februar 2024 12:55 To: Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org Cc: David Villasmil david.villasmil.work@gmail.com Subject: [sr-dev] Fwd: Reject TCP SYN
Hello all,
Following up on this, I made a patch (attached), could you please review and apply if it looks ok? The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp connection attempt, so we can use this to gracefully drain kamailio.
Thanks & Regards,
David Villasmil email: david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com phone: +34669448337
Forwarded Conversation Subject: Reject TCP SYN ------------------------
From: David Villasmil <david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com> Date: Thu, Feb 8, 2024 at 2:27 PM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org>
Hello all,
Is there any way of actually rejecting (RST) NEW tcp connection attempts, while allowing the ongoing ones to finish naturally?
I’m thinking maybe we can add this feature?
Regards,
David Villasmil email: david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com phone: +34669448337
---------- From: Henning Westerholt <hw@gilawa.commailto:hw@gilawa.com> Date: Fri, Feb 9, 2024 at 2:08 PM To: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org> Cc: David Villasmil <david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com>
Hello,
what about e.g. just using something like iptables, nftables etc..?
iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT --reject-with icmp-host-prohibited
Cheers,
Henning
---------- From: David Villasmil <david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com> Date: Fri, Feb 9, 2024 at 2:42 PM To: Henning Westerholt <hw@gilawa.commailto:hw@gilawa.com> Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.orgmailto:sr-users@lists.kamailio.org>
Hey, Henning, yeah I thought about that, but thought that maybe there was a better way to do it via Kamailio
Thanks!
Regards,
David Villasmil email: david.villasmil.work@gmail.commailto:david.villasmil.work@gmail.com phone: +34669448337
-
David Villasmil -
Henning Westerholt