Selectively refusing TCP connections

From: Ben Mansell
Date: Wed May 23 2001 - 12:59:02 EST

Hi all,

Is there any mechanism in Linux for refusing incoming TCP connections?
I'd like to be able to fetch the next incoming connection on a listen
queue, and selectively accept or reject it based on the IP address of the
client. I know this could be done via firewall rules, but for this case,
I'd like an application to have the final say on whether the connection
will be accepted.

I think XTI used to offer this kind of thing, you could get notification
of a new connection when the initial SYN was received, so you could send
back a RST and finish it there and then. Otherwise, you have to go through
the bother of accepting the connection then closing it down properly. Of
course, since everyone uses sockets, and the socket API doesn't provide
this facility, it looks like this feature has been dropped almost

So, any suggestions?
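
Added example, not part of the original post: the accept-then-close approach the message describes, with SO_LINGER set to zero so the refused client gets a RST rather than an orderly FIN. The names accept_filtered and demo, and the addresses used, are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: returns the connected fd, or -1 if the peer was refused. */
int accept_filtered(int lfd, const struct in_addr *allow, size_t n)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int fd = accept(lfd, (struct sockaddr *)&peer, &len);
    if (fd < 0) return -1;
    for (size_t i = 0; i < n; i++)
        if (peer.sin_addr.s_addr == allow[i].s_addr)
            return fd;
    /* Zero linger time: close() aborts the connection with RST instead of FIN. */
    struct linger lg = { .l_onoff = 1, .l_linger = 0 };
    setsockopt(fd, SOL_SOCKET, SO_LINGER, &lg, sizeof lg);
    close(fd);
    return -1;
}

/* Constructed loopback demo: 1 = accepted, 0 = refused and client saw RST, -1 = error. */
int demo(const char *allowed_ip)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof a;
    struct in_addr allow;
    char c;
    int fd, result = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), cfd = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* sin_port 0: kernel picks a port */
    if (inet_pton(AF_INET, allowed_ip, &allow) != 1 ||
        bind(lfd, (struct sockaddr *)&a, sizeof a) || listen(lfd, 1) ||
        getsockname(lfd, (struct sockaddr *)&a, &alen) ||
        connect(cfd, (struct sockaddr *)&a, sizeof a))
        goto out;
    if ((fd = accept_filtered(lfd, &allow, 1)) >= 0) { result = 1; close(fd); }
    else if (recv(cfd, &c, 1, 0) < 0 && errno == ECONNRESET) result = 0;
out:
    close(lfd); close(cfd);
    return result;
}

int main(void)
{
    return printf("allowed: %d, refused: %d\n", demo("127.0.0.1"), demo("192.0.2.1")) < 0;
}
```

The three-way handshake has already completed by the time accept() returns, so the client sees a successful connect followed by a reset, not a refusal at SYN time.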



This archive was generated by hypermail 2b29 : Wed May 23 2001 - 21:00:53 EST