Date: Mon, 24 Nov 2003 10:41:25 +0100
From: Uwe Doering <gemini@geminix.org>
To: freebsd-bugs@FreeBSD.ORG
Subject: Re: hosts.allow not always working... misses some IPs
Message-ID: <3FC1D245.2050009@geminix.org>
In-Reply-To: <005701c3b229$e567bc50$0400a8c0@internalprocess>
References: <005701c3b229$e567bc50$0400a8c0@internalprocess>

Kerry B. Rogers wrote:
> Dear Whomever,
>
> I received an e-mail with the following header fragment:
>
> ====== cut here =======
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
> by tinkertoys.net (8.12.10/8.11.6) with ESMTP id hANMNpKS021237;
> Sun, 23 Nov 2003 15:23:51 -0700 (MST)
>
> ====== cut here =======
>
> In my hosts.allow file (which usually rejects domains just fine) I have:
>
> ====== cut here =======
> smtp : 199.185.220.0/255.255.251.0 : deny
> ====== cut here =======
>
> The above listed e-mail should have been rejected but it wasn't. Is this a
> bug? Is a 975K host.allow file creating this problem? Please help...

I think the netmask is wrong. When you apply the third octet of the
netmask (251) to the IP address (220) the result will be 216, which is
then compared with 220. Since the numbers differ the rule doesn't
apply, which is to be expected.

Are you sure that the netmask's third octet shouldn't have been 254, 252
or 248 instead for proper masking, depending on the range of addresses
you'd like to cover?

   Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
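
Added example, not part of the original message: a small Python check for dotted-quad net/mask patterns in hosts.allow, using the comparison described in the reply (address AND mask, compared with the network). The function names are hypothetical; the rule and the client address are the ones quoted in the thread.

```python
import ipaddress
import re

# Dotted-quad net/mask pattern as it appears in a hosts.allow client list.
NETMASK_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,3}(?:\.\d{1,3}){3})\b")


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def mask_matches(addr, net, mask):
    """The comparison from the reply: (addr AND mask) must equal net."""
    return (to_int(addr) & to_int(mask)) == to_int(net)


def is_contiguous(mask):
    """True if the mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def lint_rule(line):
    """Return the problems found in the net/mask patterns of one rule."""
    problems = []
    for net, mask in NETMASK_RE.findall(line):
        if not is_contiguous(mask):
            problems.append(f"{net}/{mask}: netmask bits are not contiguous")
        # Bits set in net but cleared by the mask can never survive the AND,
        # so the rule cannot match any address at all.
        if to_int(net) & ~to_int(mask) & 0xFFFFFFFF:
            problems.append(f"{net}/{mask}: network has bits outside the mask")
    return problems


if __name__ == "__main__":
    rule = "smtp : 199.185.220.0/255.255.251.0 : deny"  # rule from the thread
    client = "199.185.220.222"                          # address from the header
    for problem in lint_rule(rule):
        print("WARN", problem)
    for mask in ("255.255.251.0", "255.255.252.0"):
        hit = mask_matches(client, "199.185.220.0", mask)
        print(f"{client} vs 199.185.220.0/{mask}: {'match' if hit else 'no match'}")
```

Running `lint_rule` over each line of a large hosts.allow file flags rules that silently never apply, which is the failure mode in this thread.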