+ /* To prevent anyone from attempting to flood opers/DDoS by connecting to the server port,
+ * or discovering if this port is the server port, we don't allow connections from any
+ * IPs for which we don't have a link block.
+ */
+ bool found = false;
+ char resolved_host[MAXBUF];
+ vector<Link>::iterator i;
+ for (i = LinkBlocks.begin(); i != LinkBlocks.end(); i++)
+ {
+ if (i->IPAddr == ip)
+ {
+ found = true;
+ break;
+ }
+ /* XXX: Fixme: blocks for a very short amount of time,
+ * we should cache these on rehash/startup
+ */
+ if (CleanAndResolve(resolved_host,i->IPAddr.c_str(),true))
+ {
+ if (std::string(resolved_host) == ip)
+ {
+ found = true;
+ break;
+ }
+ }
+ }
+ if (!found)
+ {
+ WriteOpers("Server connection from %s denied (no link blocks with that IP address)", ip);
+ close(newsock);
+ return false;
+ }