Re: Allow|DenyConnectionsFrom wildcard matching in 2.0.0

[Mark . Burgess]

The matching is by substring, but as of 2.0.2 you will be
able to use CIDR notation, and ranges of hosts. This
was a temporary solution for lack of time. I hope to have 2.0.2
within a few days, time permitting.

M

On  7 May, Frank Smith wrote:
> Upon trying to add a new client to a cfengine setup, I discovered an
> unexpected result of wildcard matches.  The examples show that the
> allow and deny can be either addresses (w.x.y.z) or subnets (w.x.y).
>   It appears that it is actually a substring match that is being
> performed which has some unusual results.  I had this entry in my
> cfservd.conf:
> 
> DenyConnectionsFrom = ( 10.1.38.8 )
> 
> This was working as I expected.  Then when I tried to set up a host
> that happened to be 10.1.38.84 I kept getting connection refused
> messages from cservd.  After much trial and error I figured out that
> the deny rule was matching 10.1.38.8* as well as 10.1.38.8, so I
> had to change the deny rule to be ( 10.1.38.08 ) so that .84 would
> work, but now I'm not sure if I'm still denying 10.1.38.8
>    Does anyone know exactly how the wildcards work?
> 
> Frank
> 
> --
> Frank Smith                                                fsmith@hoovers.com
> Systems Administrator                                     Voice: 512-374-4673
> Hoover's Online                                             Fax: 512-374-4501
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://mail.gnu.org/mailman/listinfo/help-cfengine



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~