11 Feb
2024
11 Feb
'24
2:54 p.m.
Hello all,
Following up on this, I made a patch (attached), could you please review
and apply if it looks ok?
The patch creates a new core cfg variable which, if set, will reject any
incoming NEW tcp connection attempt, so we can use this to gracefully drain
kamailio.
Thanks & Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
Forwarded Conversation
Subject: Reject TCP SYN
------------------------
From: David Villasmil <david.villasmil.work(a)gmail.com>
Date: Thu, Feb 8, 2024 at 2:27 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Hello all,
Is there any way of actually rejecting (RST) NEW tcp connection attempts,
while allowing the ongoing ones to finish naturally?
I’m thinking maybe we can add this feature?
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
----------
From: Henning Westerholt <hw(a)gilawa.com>
Date: Fri, Feb 9, 2024 at 2:08 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: David Villasmil <david.villasmil.work(a)gmail.com>
Hello,
what about e.g. just using something like iptables, nftables etc..?
iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT
--reject-with icmp-host-prohibited
Cheers,
Henning
----------
From: David Villasmil <david.villasmil.work(a)gmail.com>
Date: Fri, Feb 9, 2024 at 2:42 PM
To: Henning Westerholt <hw(a)gilawa.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Hey, Henning, yeah I thought about that, but thought that maybe there was a
better way to do it via Kamailio
Thanks!
Regards,
David Villasmil
email: david.villasmil.work(a)gmail.com
phone: +34669448337
13 Feb
13 Feb
12:33 p.m.
Hello David,
so far nobody responded to this e-mail. Maybe you can make a pull request from it, just to
not loose it. Then developers could review and comment on it.
Cheers,
Henning
From: David Villasmil via sr-dev <sr-dev(a)lists.kamailio.org>
Sent: Sonntag, 11. Februar 2024 12:55
To: Kamailio (SER) - Development Mailing List <sr-dev(a)lists.kamailio.org>
Cc: David Villasmil <david.villasmil.work(a)gmail.com>
Subject: [sr-dev] Fwd: Reject TCP SYN
Hello all,
Following up on this, I made a patch (attached), could you please review and apply if it
looks ok?
The patch creates a new core cfg variable which, if set, will reject any incoming NEW tcp
connection attempt, so we can use this to gracefully drain kamailio.
Thanks & Regards,
David Villasmil
email: david.villasmil.work@gmail.com<mailto:david.villasmil.work@gmail.com>
phone: +34669448337
Forwarded Conversation
Subject: Reject TCP SYN
------------------------
From: David Villasmil
<david.villasmil.work@gmail.com<mailto:david.villasmil.work@gmail.com>>
Date: Thu, Feb 8, 2024 at 2:27 PM
To: Kamailio (SER) - Users Mailing List
<sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>>
Hello all,
Is there any way of actually rejecting (RST) NEW tcp connection attempts, while allowing
the ongoing ones to finish naturally?
I’m thinking maybe we can add this feature?
Regards,
David Villasmil
email: david.villasmil.work@gmail.com<mailto:david.villasmil.work@gmail.com>
phone: +34669448337
----------
From: Henning Westerholt <hw@gilawa.com<mailto:hw@gilawa.com>>
Date: Fri, Feb 9, 2024 at 2:08 PM
To: Kamailio (SER) - Users Mailing List
<sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>>
Cc: David Villasmil
<david.villasmil.work@gmail.com<mailto:david.villasmil.work@gmail.com>>
Hello,
what about e.g. just using something like iptables, nftables etc..?
iptables -A INPUT -p tcp --syn --destination-port <port> -j REJECT --reject-with
icmp-host-prohibited
Cheers,
Henning
----------
From: David Villasmil
<david.villasmil.work@gmail.com<mailto:david.villasmil.work@gmail.com>>
Date: Fri, Feb 9, 2024 at 2:42 PM
To: Henning Westerholt <hw@gilawa.com<mailto:hw@gilawa.com>>
Cc: Kamailio (SER) - Users Mailing List
<sr-users@lists.kamailio.org<mailto:sr-users@lists.kamailio.org>>
Hey, Henning, yeah I thought about that, but thought that maybe there was a better way to
do it via Kamailio
Thanks!
Regards,
David Villasmil
email: david.villasmil.work@gmail.com<mailto:david.villasmil.work@gmail.com>
phone: +34669448337
287
days inactive
289
days old
1 comments
2 participants
participants (2)
-
David Villasmil -
Henning Westerholt