How to accept connections from a few IP addresses and immediately
reject anything from the same network range?
I did try to do that, but was unsuccessful. INN 2.6.4.
auth "blah" {
 hosts: "192.168.1.0/24, !192.168.1.5"
 default: "<FAIL>"
}
It assigns the identity "<FAIL>" to the users in 192.168.1.0/24 but not 192.168.1.5.
With that logic in mind, a working readers.conf file to do that is:
auth blah {
 hosts: "192.168.1.0/24, !192.168.1.5"
 default: "<SUCCESS>"
}
access full {
 users: "<SUCCESS>"
 newsgroups: *
}
hosts: "192.168.1.0/24, !192.168.1.5"
After further investigation, I better understand the issue you're facing. This syntax does not work. I would tend to think this is a bug, but am unsure. We have no examples of a "!" syntax in "hosts" lists in readers.conf...
The code just parses each part of the list, starting from the end. So, assuming you're connecting from 192.168.1.5, it does:
1/ Does "!192.168.1.5" match 192.168.1.5? No, so go on trying.
2/ Does "192.168.1.0/24" match 192.168.1.5? Yes, so the auth block succeeds.
I would have said at step 1 that the auth block fails, but that's not
what the code does... Any opinion about that, and if it should be changed?
At least the documentation needs fixing as it says for "hosts": "comma-separated wildmat expressions allowed, but @ is not supported".
Hi Miner,
With that logic in mind, a working readers.conf file to do that is:
auth blah {
 hosts: "192.168.1.0/24, !192.168.1.5"
 default: "<SUCCESS>"
}
This does not work, unfortunately (in current versions of INN 2.6.x).
Here's a working example:
auth allowed {
 hosts: "192.168.1.0/24"
 default: "<SUCCESS>"
}
auth disallowed {
 hosts: "192.168.1.5"
 default: "<FAIL>"
}
access success {
 users: "<SUCCESS>"
 newsgroups: "*"
}
access fail {
 users: "<FAIL>"
 reject_with: "Not allowed!"
}
Remember the order is important (the last matching block
applies, so the "disallowed" block should be after the
"allowed" block).
In my example, the condition '"192.168.1.0/24, !192.168.1.5"' means
reject any connection from network 192.168.1.0/24, except
the 192.168.1.5 host.
How about?..
auth allowed {
 hosts: "192.168.1.5"
 default: "<SUCCESS>"
}
auth disallowed {
 hosts: "192.168.1.0/24"
 default: "<FAIL>"
}
access success {
 users: "<SUCCESS>"
 newsgroups: "*"
}
access fail {
 users: "<FAIL>"
 reject_with: "Not allowed!"
}
As the last matching auth block applies, the "disallowed" block
should be before the "allowed" block in your example.
Otherwise, 192.168.1.5 matches both blocks and therefore the
second one ("disallowed") is selected.
In my previous example, I thought you wanted "everyone except
for a few hosts" so "allowed" is before "disallowed". Here,
the logic is "nobody except for a few hosts" so "disallowed" is
before "allowed".
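The matching rules discussed in this thread, as a small Python model (an added example, not INN's code and not written by any poster here). It assumes, as described above, that a "hosts" list is tried from the end with a "!" entry never matching, and that the last matching auth block wins; the function names and the tuple layout are hypothetical.

```python
import ipaddress

def hosts_match(hosts, client):
    """Model of the "hosts" check as described in the thread: entries are
    tried from the end and the first one that matches wins. A leading "!"
    is NOT negation here; such an entry simply never matches."""
    addr = ipaddress.ip_address(client)
    for entry in reversed([e.strip() for e in hosts.split(",")]):
        if entry.startswith("!"):
            continue  # assumption from the thread: "No, so go on trying"
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False

def identity(auth_blocks, client):
    """Return the default identity of the LAST matching auth block,
    or None when no auth block matches the client address."""
    result = None
    for _name, hosts, default in auth_blocks:
        if hosts_match(hosts, client):
            result = default
    return result

# Constructed configurations mirroring the ones posted in the thread,
# as (block name, hosts list, default identity) in file order.
NEGATION = [("blah", "192.168.1.0/24, !192.168.1.5", "<SUCCESS>")]
ALL_BUT_ONE = [("allowed", "192.168.1.0/24", "<SUCCESS>"),
               ("disallowed", "192.168.1.5", "<FAIL>")]
ONLY_ONE_WRONG_ORDER = [("allowed", "192.168.1.5", "<SUCCESS>"),
                        ("disallowed", "192.168.1.0/24", "<FAIL>")]
ONLY_ONE = list(reversed(ONLY_ONE_WRONG_ORDER))

def report():
    """Identity assigned to three sample clients under each configuration."""
    configs = [("negation", NEGATION), ("all-but-one", ALL_BUT_ONE),
               ("only-one, wrong order", ONLY_ONE_WRONG_ORDER),
               ("only-one", ONLY_ONE)]
    clients = ("192.168.1.5", "192.168.1.7", "10.0.0.1")
    return [(label, c, identity(cfg, c)) for label, cfg in configs
            for c in clients]

if __name__ == "__main__":
    for label, client, ident in report():
        print(f"{label:24} {client:14} {ident}")
```

In this model a client that matches no auth block gets no identity at all (None), which is a separate outcome from being assigned "<FAIL>" and rejected with a message.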