I've been trying to implement white/black lists in the FTP server and thought of running my findings/ideas by you guys.

Currently, each listener can have a black list. There is NO white listing capability. I've been thinking, instead of having the black list IPs/Subnets, simply have an interface called IPFilter. Each listener can have at most one IPFilter. The IPFilter requires an implementation for a method named accept(), which tells if the client's connection should be accepted or rejected based on the IP address. This gives us the flexibility of having a black or white list, whichever is preferred by the server administrator.

By default, we can ship a default implementation for IPFilter which can be a black or white filter. For example, in the spring configuration, instead of having a blacklist element, we would have an <ipFilter> element as shown below:

    <ipFilter type="whitelist|blacklist">
        192.168.1.200/32, 192.168.1.201/32
    </ipFilter>

The type attribute in the ipFilter element tells us if it should be a white or black list. The value for this attribute could be "whitelist" or "blacklist" or something similar such as BLOCK/PASS.

I could not think of any good usage scenarios where one might want to have both white and black lists for a given listener. So, one IP Filter per listener should be good enough, unless you guys think otherwise.

The above should work for users who want to run the FTP server out-of-the-box. People who want to override the default IP filter implementation could create a new class that implements the IPFilter interface and specify the class name(?) in the spring config or programmatically call the ListenerFactory.setIPFilter(IPFilter) method.

Let me know what you guys think and we can decide on how best it should be implemented. I do have some time this week to work on this if we finalize on something.

Thanks & Regards,
Sai Pullabhotla
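
A sketch of the proposal above, added here as an illustration and not part of the original message or of the FtpServer code base. The `accept(InetAddress)` signature, the `SubnetIPFilter` class and its constructor arguments are assumptions; the message names only `IPFilter`, `accept()` and the `type` attribute. Entries are assumed to be IP literals, since a host name would trigger a DNS lookup.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

// Hypothetical signature: the proposal names only the interface and accept().
interface IPFilter { boolean accept(InetAddress address); }

// Hypothetical default implementation behind <ipFilter type="whitelist|blacklist">.
final class SubnetIPFilter implements IPFilter {
    private final boolean whitelist;
    private final List<byte[]> networks = new ArrayList<>();
    private final List<Integer> prefixes = new ArrayList<>();

    SubnetIPFilter(String type, String cidrList) throws UnknownHostException {
        if (!type.equals("whitelist") && !type.equals("blacklist"))
            throw new IllegalArgumentException("unknown filter type: " + type);
        whitelist = type.equals("whitelist");
        for (String entry : cidrList.split(",")) {
            String[] parts = entry.trim().split("/");
            // Reject blanks: getByName("") would silently resolve to loopback.
            if (parts[0].isEmpty() || parts.length > 2)
                throw new IllegalArgumentException("bad entry: '" + entry + "'");
            byte[] net = InetAddress.getByName(parts[0]).getAddress();
            int prefix = parts.length == 2 ? Integer.parseInt(parts[1]) : net.length * 8;
            if (prefix < 0 || prefix > net.length * 8)
                throw new IllegalArgumentException("bad prefix: '" + entry + "'");
            networks.add(net);
            prefixes.add(prefix);
        }
    }

    // Compare the first `prefix` bits of the client address and the network.
    private static boolean inSubnet(byte[] addr, byte[] net, int prefix) {
        if (addr.length != net.length) return false; // IPv4 never matches IPv6
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((addr[bit / 8] & mask) != (net[bit / 8] & mask)) return false;
        }
        return true;
    }

    @Override
    public boolean accept(InetAddress address) {
        byte[] addr = address.getAddress();
        for (int i = 0; i < networks.size(); i++)
            if (inSubnet(addr, networks.get(i), prefixes.get(i))) return whitelist;
        return !whitelist; // unlisted: rejected by a whitelist, accepted by a blacklist
    }
}
```

With the list from the `<ipFilter>` example and type `whitelist`, only 192.168.1.200 and 192.168.1.201 are accepted; the same list with type `blacklist` accepts everything except those two addresses.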