From: Uwe Doering
Date: Mon, 24 Nov 2003 10:41:25 +0100
To: freebsd-bugs@FreeBSD.ORG
Subject: Re: hosts.allow not always working... misses some IPs
Message-ID: <3FC1D245.2050009@geminix.org>
In-Reply-To: <005701c3b229$e567bc50$0400a8c0@internalprocess>

Kerry B. Rogers wrote:
> Dear Whomever,
>
> I received an e-mail with the following header fragment:
>
> ====== cut here =======
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
>         by tinkertoys.net (8.12.10/8.11.6) with ESMTP id hANMNpKS021237;
>         Sun, 23 Nov 2003 15:23:51 -0700 (MST)
>
> ====== cut here =======
>
> In my hosts.allow file (which usually rejects domains just fine) I have:
>
> ====== cut here =======
> smtp : 199.185.220.0/255.255.251.0 : deny
> ====== cut here =======
>
> The above listed e-mail should have been rejected but it wasn't. Is this a
> bug? Is a 975K host.allow file creating this problem? Please help...

I think the netmask is wrong. When you apply the third octet of the netmask (251) to the IP address (220) the result will be 216, which is then compared with 220. Since the numbers differ the rule doesn't apply, which is to be expected.

Are you sure that the netmask's third octet shouldn't have been 254, 252 or 248 instead for proper masking, depending on the range of addresses you'd like to cover?

   Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net
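
The comparison described in the reply, as an added example that is not part of the original message or of the tcp_wrappers code: it applies (address AND mask) == net to the rule and client address from the thread, and flags net/mask patterns that can never match. The function names are hypothetical, and it assumes IPv4-only rules in the simple "daemon : clients : option" layout.

```python
import ipaddress


def quad(text):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def masked_match(net, mask, addr):
    """The comparison the reply describes: (addr AND mask) == net."""
    return (quad(addr) & quad(mask)) == quad(net)


def lint_pattern(pattern):
    """Return the problems found in one 'net/mask' client pattern."""
    net_s, mask_s = pattern.split("/", 1)
    net, mask = quad(net_s), quad(mask_s)
    problems = []
    # A contiguous mask is 1 bits followed only by 0 bits, so its inverse
    # is 2**k - 1 and shares no bit with its own successor.
    inv = ~mask & 0xFFFFFFFF
    if inv & (inv + 1):
        problems.append("non-contiguous mask " + mask_s)
    # If the mask clears a bit that is set in net, (addr AND mask) can
    # never equal net, so the rule matches no address at all.
    if (net & mask) != net:
        masked = ipaddress.IPv4Address(net & mask)
        problems.append("never matches: %s AND %s = %s" % (net_s, mask_s, masked))
    return problems


def lint_rule(line):
    """Lint every net/mask pattern in a 'daemon : clients : option' line."""
    clients = line.split(":", 2)[1]
    found = {}
    for token in clients.replace(",", " ").split():
        if "/" in token and lint_pattern(token):
            found[token] = lint_pattern(token)
    return found


if __name__ == "__main__":
    # Rule and client address taken from the message; the other masks are
    # the candidates named in the reply.
    print(lint_rule("smtp : 199.185.220.0/255.255.251.0 : deny"))
    for mask in ("255.255.254.0", "255.255.252.0", "255.255.248.0"):
        pattern = "199.185.220.0/" + mask
        hit = masked_match("199.185.220.0", mask, "199.185.220.222")
        print(pattern, "matches" if hit else "misses", lint_pattern(pattern))
```

With 255.255.248.0 the network part has to be written as 199.185.216.0, because that mask also clears a bit that is set in 220.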