From: Jacob Moody
To: 9front@9front.org
Subject: Re: [9front] WANTED: ip based filtering of incoming connections
Date: Thu, 25 Jul 2024 22:57:47 -0500
Message-ID: <45e4c492-9e13-4f2b-9540-5b835c6a4344@posixcafe.org>
In-Reply-To: <294DAFA846655265107E1B99A7E30ED4@gaff.inri.net>
References: <294DAFA846655265107E1B99A7E30ED4@gaff.inri.net>
Reply-To: 9front@9front.org

On 7/25/24 22:47, sl@stanleylieber.com wrote:
>> Did you verify it was working with just a single ip address or two? I
>> am thinking perhaps you ran into some arbitrary buffer limit.
>
> even with only one ip address it has no effect.
>
> sl

Are you sure it's being bound to the right ip interface? In my first example I included the details to bind it to a specific interface by its assigned ip address. Run it on its own, once, and direct the output to a file. If something gets written at all it has munched that attempted connection.

The problem is that it has to be sitting there attempting to dial the ipmux when the connection gets established. If, for example, you're in the middle of writing one out to /dev/null and you get another request, it'll go through because there is nothing currently blocked. I've never tried to use this against some spammy spider, so it's possible our little rc loop with aux/dial is not going to cut it.