[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] mountd: Don't do tcp wrapper check when there are no rules

Ralf Ertzinger wrote:
> Hi.
> On Tue, 20 Jan 2009 10:06:05 -0500, Steve Dickson wrote:
>> Please tell how I check a 'mountd: <hostname>' entry in
>> the /etc/hosts.deny with only an IP address without doing a reverse
>> name lookup?
> You can't, and no one is denying that as far as I can see. And I'd
> actually consider this to be failing on the safe side.
> But, given an entry in hosts.allow like this:
> mountd: host.example.com
> denying the ip just because it does not have a hostname
> associated with it would be just wrong.
Remember I said _matching_ IP... meaning if the above line
was in hosts.allow and client did a mount
the client would be allow the mount without doing a lookup 
because there was a matching IP address entry... 

Now if client did a mount, there would not be a 
IP matching entry in hosts.allow so a lookup would be necessary
to see if a 'mountd: <hostname>' exists in hosts.deny. 

Is that making sense? 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]