subject:"\[SR\-Users\] Re\: Reject TCP SYN"

[SR-Users] Re: Reject TCP SYN

2024-02-15 Thread David Villasmil via sr-users

Thanks Karsten,

That won’t work for me with TLS clients, which is what I’m trying to do.
I’m making a PR with a new tcp param.

Thanks!

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337


On Thu, 15 Feb 2024 at 17:42, Karsten Horsmann  wrote:

> Hi David,
>
> I have most of my setups with OPTIONS pings (upstream carrier and myself).
> If I want to fade out a Kamailio I set the option response to an not 200
> value (like 603 or whatever) and my internal and the external system didn't
> bring in new invites but leave the currently running out.
>
> You can use cfg values for that or some kind of htable with value or so.
>
> Maybe an idea for your setup.
>
> David Villasmil via sr-users  schrieb am
> Fr., 9. Feb. 2024, 15:04:
>
>>
>> Hey, Henning, yeah I thought about that, but thought that maybe there was
>> a better way to do it via Kamailio
>>
>> Thanks!
>>
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.w...@gmail.com
>> phone: +34669448337
>>
>>
>> On Fri, 9 Feb 2024 at 14:08, Henning Westerholt  wrote:
>>
>>> Hello,
>>>
>>>
>>>
>>> what about e.g. just using something like iptables, nftables etc..?
>>>
>>>
>>>
>>> iptables -A INPUT -p tcp --syn --destination-port  -j REJECT
>>> --reject-with icmp-host-prohibited
>>>
>>>
>>>
>>> Cheers,
>>>
>>>
>>>
>>> Henning
>>>
>>>
>>>
>>> *From:* David Villasmil via sr-users 
>>> *Sent:* Donnerstag, 8. Februar 2024 14:28
>>> *To:* Kamailio (SER) - Users Mailing List 
>>> *Cc:* David Villasmil 
>>> *Subject:* [SR-Users] Reject TCP SYN
>>>
>>>
>>>
>>> Hello all,
>>>
>>>
>>>
>>> Is there any way of actually rejecting (RST) NEW tcp connection
>>> attempts, while allowing the ongoing ones to finish naturally?
>>>
>>>
>>>
>>> I’m thinking maybe we can add this feature?
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> David Villasmil
>>>
>>> email: david.villasmil.w...@gmail.com
>>>
>>> phone: +34669448337
>>>
>> __
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>
>
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Reject TCP SYN

2024-02-15 Thread Karsten Horsmann via sr-users

Hi David,

I have most of my setups with OPTIONS pings (upstream carrier and myself).
If I want to fade out a Kamailio I set the option response to an not 200
value (like 603 or whatever) and my internal and the external system didn't
bring in new invites but leave the currently running out.

You can use cfg values for that or some kind of htable with value or so.

Maybe an idea for your setup.

David Villasmil via sr-users  schrieb am Fr.,
9. Feb. 2024, 15:04:

>
> Hey, Henning, yeah I thought about that, but thought that maybe there was
> a better way to do it via Kamailio
>
> Thanks!
>
> Regards,
>
> David Villasmil
> email: david.villasmil.w...@gmail.com
> phone: +34669448337
>
>
> On Fri, 9 Feb 2024 at 14:08, Henning Westerholt  wrote:
>
>> Hello,
>>
>>
>>
>> what about e.g. just using something like iptables, nftables etc..?
>>
>>
>>
>> iptables -A INPUT -p tcp --syn --destination-port  -j REJECT
>> --reject-with icmp-host-prohibited
>>
>>
>>
>> Cheers,
>>
>>
>>
>> Henning
>>
>>
>>
>> *From:* David Villasmil via sr-users 
>> *Sent:* Donnerstag, 8. Februar 2024 14:28
>> *To:* Kamailio (SER) - Users Mailing List 
>> *Cc:* David Villasmil 
>> *Subject:* [SR-Users] Reject TCP SYN
>>
>>
>>
>> Hello all,
>>
>>
>>
>> Is there any way of actually rejecting (RST) NEW tcp connection attempts,
>> while allowing the ongoing ones to finish naturally?
>>
>>
>>
>> I’m thinking maybe we can add this feature?
>>
>>
>> Regards,
>>
>>
>>
>> David Villasmil
>>
>> email: david.villasmil.w...@gmail.com
>>
>> phone: +34669448337
>>
> __
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Reject TCP SYN

2024-02-09 Thread David Villasmil via sr-users

Hey, Henning, yeah I thought about that, but thought that maybe there was a
better way to do it via Kamailio

Thanks!

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337


On Fri, 9 Feb 2024 at 14:08, Henning Westerholt  wrote:

> Hello,
>
>
>
> what about e.g. just using something like iptables, nftables etc..?
>
>
>
> iptables -A INPUT -p tcp --syn --destination-port  -j REJECT
> --reject-with icmp-host-prohibited
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> *From:* David Villasmil via sr-users 
> *Sent:* Donnerstag, 8. Februar 2024 14:28
> *To:* Kamailio (SER) - Users Mailing List 
> *Cc:* David Villasmil 
> *Subject:* [SR-Users] Reject TCP SYN
>
>
>
> Hello all,
>
>
>
> Is there any way of actually rejecting (RST) NEW tcp connection attempts,
> while allowing the ongoing ones to finish naturally?
>
>
>
> I’m thinking maybe we can add this feature?
>
>
> Regards,
>
>
>
> David Villasmil
>
> email: david.villasmil.w...@gmail.com
>
> phone: +34669448337
>
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Reject TCP SYN

2024-02-09 Thread Henning Westerholt via sr-users

Hello,

what about e.g. just using something like iptables, nftables etc..?

iptables -A INPUT -p tcp --syn --destination-port  -j REJECT 
--reject-with icmp-host-prohibited

Cheers,

Henning

From: David Villasmil via sr-users 
Sent: Donnerstag, 8. Februar 2024 14:28
To: Kamailio (SER) - Users Mailing List 
Cc: David Villasmil 
Subject: [SR-Users] Reject TCP SYN

Hello all,

Is there any way of actually rejecting (RST) NEW tcp connection attempts, while 
allowing the ongoing ones to finish naturally?

I’m thinking maybe we can add this feature?

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Reject TCP SYN

[SR-Users] Re: Reject TCP SYN

[SR-Users] Re: Reject TCP SYN

[SR-Users] Re: Reject TCP SYN

4 matches

Site Navigation

Mail list logo

Footer information