[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Allow|DenyConnectionsFrom wildcard matching in 2.0.0
From: |
Mark . Burgess |
Subject: |
Re: Allow|DenyConnectionsFrom wildcard matching in 2.0.0 |
Date: |
Wed, 22 May 2002 21:06:49 +0200 (MET DST) |
The matching is by substring, but as of 2.0.2 you will be
able to use CIDR notation, and ranges of hosts. This
was a temporary solution for lack of time. I hope to have 2.0.2
within a few days, time permitting.
M
On 7 May, Frank Smith wrote:
> Upon trying to add a new client to a cfengine setup, I discovered an
> unexpected result of wildcard matches. The examples show that the
> allow and deny can be either addresses (w.x.y.z) or subnets (w.x.y).
> It appears that it is actually a substring match that is being
> performed which has some unusual results. I had this entry in my
> cfservd.conf:
>
> DenyConnectionsFrom = ( 10.1.38.8 )
>
> This was working as I expected. Then when I tried to set up a host
> that happened to be 10.1.38.84 I kept getting connection refused
> messages from cservd. After much trial and error I figured out that
> the deny rule was matching 10.1.38.8* as well as 10.1.38.8, so I
> had to change the deny rule to be ( 10.1.38.08 ) so that .84 would
> work, but now I'm not sure if I'm still denying 10.1.38.8
> Does anyone know exactly how the wildcards work?
>
> Frank
>
> --
> Frank Smith fsmith@hoovers.com
> Systems Administrator Voice: 512-374-4673
> Hoover's Online Fax: 512-374-4501
>
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272 Email: Mark.Burgess@iu.hio.no
Fax : +47 22453205 WWW : http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~