[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules




Ralf Ertzinger wrote:
> Hi.
> 
> On Tue, 20 Jan 2009 10:06:05 -0500, Steve Dickson wrote:
> 
>> Please tell how I check a 'mountd: <hostname>' entry in
>> the /etc/hosts.deny with only an IP address without doing a reverse
>> name lookup?
> 
> You can't, and no one is denying that as far as I can see. And I'd
> actually consider this to be failing on the safe side.
> 
> But, given an entry in hosts.allow like this:
> 
> mountd: host.example.com 192.168.1.1
> 
> denying the ip 192.168.1.1 just because it does not have a hostname
> associated with it would be just wrong.
Remember I said _matching_ IP... meaning if the above line
was in hosts.allow and client 192.168.1.1 did a mount
the client would be allow the mount without doing a lookup 
because there was a matching IP address entry... 

Now if client 192.168.1.2 did a mount, there would not be a 
IP matching entry in hosts.allow so a lookup would be necessary
to see if a 'mountd: <hostname>' exists in hosts.deny. 

Is that making sense? 

steved.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]