metacard  

Re: Detect all connection requests?

Scott Raney
Thu, 14 Sep 2000 09:57:01 -0700

On Thu, 14 Sep 2000, Pierre Sahores wrote:

> Phil Davis wrote:
> > 
> > I would like MC to detect all incoming connection requests,
> > regardless of the requested port, and respond by issuing a
> > message. I envision a message whose parameters contain all
> > available info on the connection request. If the connection
> > request is for a port where the stack is listening, this message
> > would be fired before the socket is opened. For example:
> > 
> >     on socketRequest pPortNum, pRequestData
> >       if pPortNum is among the lines of the permittedPorts of me then
> >         pass socketRequest
> >       else
> >         put short date && long time & tab \
> >             & pPortNum & tab \
> >             & digested(pRequestData) & cr \
> >             after url "file:log"
> >       end if
> >     end socketRequest
> > 
> > Maybe it could be used to prevent the opening of an otherwise
> > accepting port under certain conditions, similar to the way
> > "closeStackRequest" can be used to prevent the closing of a stack.
> > 
> > This feature would enable us to build things like firewalls that
> > log all connection requests, whether they were honored or not.
> > 
> > Does this sound useful to anyone besides me?
> > --
> > Phil Davis
> > -----------------------------------
> > [EMAIL PROTECTED]
> > days: (503) 417-7930
> > eves: (503) 557-5656
> > -----------------------------------
> > Facilitator
> > Essentials of eBusiness Computing
> > Information Technology Institute
> > http://www.iti.com
> > 
> > Archives: http://www.mail-archive.com/metacard%40lists.best.com/
> > Info: http://www.xworlds.com/metacard/mailinglist.htm
> > Please send bug reports to <[EMAIL PROTECTED]>, not this list.
> 
> 
> That would really be a top key feature, Phil, even on unixes, probably usable to
> secure ip-chains configs...
> 
> Is there a way to do that available in mc, Scott?

I guess I really don't follow this.  If what you're trying to build is
some sort of proxy or firewall, this could probably be done using
the standard "accept" command.  But there is no way for one process to
"pass" a socket request onto another process, so you'd have to do it
the way existing firewalls and proxies do: you accept a connection
from outside and then open another socket connection to the inside,
then write data read from the outside socket to the inside socket.
And I say "probably" because at least some types of socket-based
protocols require access to low-level socket features not available in
the MetaCard sockets API (out-of-band data being the most notable of
these).
  Regards,
    Scott

> Regards, Pierre Sahores
> 
> WEB, DB, B2B & ASP design.
> Because people develop knowledge from scratch
> rather than being born with built-in knowledge,
> we can adapt to different circumstances.
> Sampson, Geoffrey. Educating Eve :
> The "Language Instinct" debate.
> London: Cassell, 1997 [1999].

********************************************************
Scott Raney  [EMAIL PROTECTED]  http://www.metacard.com
MetaCard: You know, there's an easier way to do that...
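
The accept-and-relay approach described in the reply above, sketched in Python as an added example (not part of the original thread and not MetaCard code): it logs every connection request made to the port it listens on and relays only permitted peers to the inside host. The function names, the `permitted` set and the in-memory `log` list are assumptions made for illustration.

```python
import socket
import threading
import time


def pump(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst."""
    try:
        # Plain recv(): normal stream data only, no out-of-band handling.
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle(outside, peer, inside_addr, permitted, log):
    """Log the connection request, then relay it only if the peer is permitted."""
    verdict = "relayed" if peer[0] in permitted else "refused"
    log.append((time.strftime("%Y-%m-%d %H:%M:%S"), peer[0], peer[1], verdict))
    inside = None
    try:
        if verdict == "relayed":
            inside = socket.create_connection(inside_addr, timeout=5)
            inside.settimeout(None)
            back = threading.Thread(target=pump, args=(inside, outside), daemon=True)
            back.start()
            pump(outside, inside)
            back.join()
    except OSError:
        pass  # inside host unreachable: drop the outside connection
    finally:
        outside.close()
        if inside is not None:
            inside.close()


def serve(listener, inside_addr, permitted, log):
    """Accept loop: one handler thread per outside connection."""
    while True:
        try:
            outside, peer = listener.accept()
        except OSError:
            return  # listener was closed
        threading.Thread(target=handle, daemon=True,
                         args=(outside, peer, inside_addr, permitted, log)).start()
```
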

