hosts.allow not always working... misses some IPs

Uwe Doering gemini at geminix.org
Mon Nov 24 01:41:30 PST 2003


Kerry B. Rogers wrote:
> Dear Whomever,
> 
> I received an e-mail with the following header fragment:
> 
> ====== cut here =======
> Received: from priv-edtnes11-hme0.telusplanet.net (outbound03.telus.net
> [199.185.220.222])
>  by tinkertoys.net (8.12.10/8.11.6) with ESMTP id hANMNpKS021237;
>  Sun, 23 Nov 2003 15:23:51 -0700 (MST)
> 
> ====== cut here =======
> 
> In my hosts.allow file (which usually rejects domains just fine) I have:
> 
> ====== cut here =======
> smtp : 199.185.220.0/255.255.251.0 : deny
> ====== cut here =======
> 
> The above listed e-mail should have been rejected but it wasn't. Is this a
> bug? Is a 975K hosts.allow file creating this problem? Please help...

I think the netmask is wrong.  When you apply the third octet of the 
netmask (251) to the IP address (220), the result will be 216, which is 
then compared with 220.  Since the numbers differ, the rule doesn't 
apply, which is to be expected.

Are you sure that the netmask's third octet shouldn't have been 254, 252 
or 248 instead for proper masking, depending on the range of addresses 
you'd like to cover?

    Uwe
-- 
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org  |  http://www.escapebox.net
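
The masking arithmetic from the reply above, worked through as an added example (not part of the original messages and not the hosts.allow implementation itself). It applies the comparison the reply describes, client address AND netmask compared with the network, and lints a net/mask pattern for the two mistakes that make a deny rule silently miss. Function names are hypothetical; the address and masks are the ones quoted in the thread, and the 199.185.216.0 network is constructed for illustration.

```python
import ipaddress

def quad(s):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(s))

def masked_address(mask, client):
    """Client address after the netmask has been applied, as a dotted quad."""
    return str(ipaddress.IPv4Address(quad(client) & quad(mask)))

def masked_match(net, mask, client):
    """The comparison described in the reply: (client & mask) == net."""
    return (quad(client) & quad(mask)) == quad(net)

def mask_is_contiguous(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits."""
    inverted = quad(mask) ^ 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def lint_pattern(net, mask):
    """Return the reasons a net/mask pattern covers less than intended."""
    problems = []
    if not mask_is_contiguous(mask):
        problems.append("non-contiguous netmask")
    if quad(net) & quad(mask) != quad(net):
        problems.append("network has bits outside the mask; rule can never match")
    return problems

if __name__ == "__main__":
    client = "199.185.220.222"  # sender address from the quoted Received: header
    patterns = [
        ("199.185.220.0", "255.255.251.0"),  # rule as posted
        ("199.185.220.0", "255.255.254.0"),  # covers 220-221
        ("199.185.220.0", "255.255.252.0"),  # covers 220-223
        ("199.185.216.0", "255.255.248.0"),  # constructed: covers 216-223
    ]
    for net, mask in patterns:
        print(f"{net}/{mask}: client masks to {masked_address(mask, client)}, "
              f"match={masked_match(net, mask, client)}, "
              f"problems={lint_pattern(net, mask) or 'none'}")
```

Running a check like `lint_pattern` over every net/mask entry before deploying a large access file catches rules that parse cleanly but never fire.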



More information about the freebsd-bugs mailing list