Re: hosts.allow not always working... misses some IPs

[Jeff Penn]

On Tue, Dec 02, 2003 at 12:54:32AM -0500, Kerry B. Rogers wrote:
> I received an e-mail with the following header fragment:
> 
> ===V=== cut here ===V
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
>  by tinkertoys.net (8.12.10/8.11.6) with ESMTP id hANMNpKS021237;
>  Sun, 23 Nov 2003 15:23:51 -0700 (MST)
> ===^=== cut here ===^
> 
> In my hosts.allow file (which usually rejects domains just fine) I have:
 
> smtp : 199.185.220.0/255.255.251.0 : deny

---^^^

> The above listed e-mail should have been rejected but it wasn't. Is this a
> bug? Is a 975K host.allow file creating this problem? Please help...

I added your rule to my hosts.allow and tested it using:

tcpdmatch smtp 199.185.220.222

The rule was not triggered.  Changing the rule to a valid netmask 
(255.255.255.0) did trigger the rule & denied access.

Jeff
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: hosts.allow not always working... misses some IPs

[Simon Barner]

> I received an e-mail with the following header fragment:
> 
> ===V=== cut here ===V
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
>  by tinkertoys.net (8.12.10/8.11.6) with ESMTP id hANMNpKS021237;
>  Sun, 23 Nov 2003 15:23:51 -0700 (MST)
> ===^=== cut here ===^
> 
> In my hosts.allow file (which usually rejects domains just fine) I have:
> 
> ===V=== cut here ===V
> smtp : 199.185.220.0/255.255.251.0 : deny
> ===^=== cut here ===^

Are you sure about the netmask? I think it should be something like
255.255.255.0 or
255.255.252.0.

Simon


signature.asc
Description: Digital signature