Begin by implementing a `net.Listener` which checks the list of allowed IPs.
You'll be able to run code before the connection is passed on to crypto/tls.
Wrap it using https://golang.org/pkg/crypto/tls/#NewListener.

On 3/15/19 2:10 PM, Glen Huang wrote:
> I'm trying to limit which clients are allowed to connect to my tls server 
> by their IPs.
> 
> I know I can do that after Accept, check their IPs and close the connection 
> if they're not whitelisted. But that means the full tls handshake has to 
> complete before I can do that.
> 
> Another option is that I can use nftables to whitelist clients at the 
> kernel level. But to do that, I either have to spawn a subprocess to call 
> nft, which is kinda slow or use google/nftables that isn't production ready 
> yet (also missing some features I need).
> 
> Is there any way I can drop the tls connection when a client sends SYN?
> 
> Thanks in advance.
> 

-- 
Andrei Tudor Călin
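The wrapping listener the reply describes, written out as an added example (not code from this thread). It assumes the allow list is given as CIDR strings and that `cfg` is a `*tls.Config` the caller has already loaded with a certificate; the names `allowListener` and `wrapTLS` are invented here. Rejected peers are closed in `Accept`, so crypto/tls never reads a handshake byte from them, although the TCP handshake has already completed by then, which is the limit of what a userspace listener can do.

```go
package main

import "crypto/tls"
import "net"

// allowListener closes connections whose source IP is not on the allow list.
// Sitting beneath tls.NewListener, it rejects peers before any handshake.
type allowListener struct {
	net.Listener
	allowed []*net.IPNet
}

// permitted reports whether the peer address falls inside an allowed range.
func (al *allowListener) permitted(addr net.Addr) bool {
	tcp, ok := addr.(*net.TCPAddr)
	for _, n := range al.allowed {
		if ok && n.Contains(tcp.IP) {
			return true
		}
	}
	return false
}

// Accept returns the next connection from an allowed peer and closes the rest.
func (al *allowListener) Accept() (net.Conn, error) {
	for {
		c, err := al.Listener.Accept()
		if err != nil {
			return nil, err
		}
		if al.permitted(c.RemoteAddr()) {
			return c, nil
		}
		c.Close() // rejected before crypto/tls ever sees the connection
	}
}

// wrapTLS parses the allow list as CIDRs (e.g. "10.0.0.0/8") and stacks
// crypto/tls on top of the filtering listener.
func wrapTLS(inner net.Listener, cidrs []string, cfg *tls.Config) (net.Listener, error) {
	al := &allowListener{Listener: inner}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		al.allowed = append(al.allowed, n)
	}
	return tls.NewListener(al, cfg), nil
}
```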
