Any socat users?

Basically my question is the same as this: http://superuser.com/questions/168452/remote-listening-of-unix-sockets and the answer is fine.

However, I'm wondering if socat has the option to whitelist some IPs on the TCP end of things, as I just want the TCP listener to accept input from a handful of IPs.

Comments

  • ricardoricardo Member
    edited July 2015

    I've just gone and used iptables instead, which is probably more sensible, though I'm just looking to whitelist a handful of IPs rather than one.

    iptables -I INPUT -p tcp ! -s remoteip --dport 12300 -j DROP
    socat TCP-LISTEN:12300,fork UNIX-CONNECT:/home/tmp/search.sock

  • You can create your own chain, direct packets with --dport 12300 to it, allow several IPs and then drop everything.

  • ricardoricardo Member
    edited July 2015

    Yep, that's what I ended up with after a bit of Googling.

    iptables -N domhuff
    iptables -A domhuff -p tcp -s ip1 --dport 12300 -j ACCEPT
    iptables -A domhuff -p tcp -s ip2 --dport 12300 -j ACCEPT
    iptables -A domhuff -p tcp -s ip3 --dport 12300 -j ACCEPT
    iptables -A domhuff -j DROP
    iptables -I INPUT -m tcp -p tcp --dport 12300 -j domhuff
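
The custom-chain approach from the thread, generalized to any number of source addresses, as an added example that is not code from any of the posters: a POSIX shell function that prints the iptables commands for an allowlist. The names gen_allowlist and valid_ipv4 and the sample addresses are assumptions made for illustration; the chain name and port are the ones used in the thread.

```shell
#!/bin/sh
# Added example: chain name, port and addresses are constructed sample values.

# True only for a literal IPv4 address with an optional /0-32 prefix.
# iptables also takes a hostname after -s and resolves it once when the rule
# is added, so anything that is not a literal address is refused.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; function-local positionals
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_allowlist CHAIN PORT ADDR... prints the commands and changes nothing.
gen_allowlist() {
    chain=$1 port=$2
    shift 2
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    [ $# -gt 0 ] || { echo "no addresses given" >&2; return 1; }
    for src in "$@"; do
        valid_ipv4 "$src" || { echo "rejected: $src" >&2; return 1; }
    done
    # Create the chain on the first run, empty it on later runs.
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    for src in "$@"; do
        # The jump below already matches tcp/port, so only the source is tested.
        echo "iptables -A $chain -s $src -j ACCEPT"
    done
    echo "iptables -A $chain -j DROP"
    # -C checks for the jump first so repeated runs do not stack duplicates.
    echo "iptables -C INPUT -p tcp --dport $port -j $chain 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport $port -j $chain"
}

# Print the rules for three documentation-range sources (constructed values).
gen_allowlist domhuff 12300 192.0.2.10 192.0.2.11 198.51.100.0/24
```

Review the printed commands, then pipe them to `sh` as root to apply them. Between the flush and the re-added rules the chain is briefly empty, so during a reload packets for the port fall through to the rest of INPUT.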
