Can't rtems tcp/ip stack do this?

[Smith, Gene]

I am wondering if anyone knows if rtems can support a listening server
socket that only responds to connection requests (SYN) from a list of remote
ip addresses supplied to the listening socket?

A typical server listening socket connects with whoever sends a SYN and
becomes "readable".  The connection is then accept()'d  by the app and the
remote ip addr is obtained from the socket address provided by accept(). The
app must then immediately close() the new socket (also returned by accept)
if it does not like the remote ip address. 

I would like for the listening socket to just ignore the SYN (or, second
best, send a FIN) if the remote address is not to my liking, like a firewall
using iptables in linux can do. I thought this had something to do with BPF,
which is in the rtems/bsd stack, but I can't seem to figure out how to use
it from the Stevens books (mostly talks about packet capture issues).

Has anybody done this or know if it is possible with the rtems/bsd stack?

Thanks,
-gene