Red Hat Bugzilla – Bug 83719
hosts.allow IPaddr/mask wrongly interpreted
Last modified: 2007-04-18 12:50:50 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.6 (X11; Linux i686; U;) Gecko/20020830 Description of problem: man hosts.allow says: "An expression of the form �n.n.n.n/m.m.m.m� is interpreted as a �net/mask� pair. An IPv4 host address is matched if �net� is equal to the bitwise AND of the address and the �mask�." However, portmap is denied to host aaa.bbb.ccc.ddd/255.255.255.255, suggesting that the mask is wrongly applied. Version-Release number of selected component (if applicable): How reproducible: Didn't try Steps to Reproduce: On an NFS server host, /etc/hosts.deny contains: ALL:ALL /etc/hosts.allow contains (IP addresses sanitised): portmap:ppp.qqq.rrr.sss/255.255.255.0,aaa.bbb.ccc.ddd/255.255.255.255 rpc.mountd:ppp.qqq.rrr.sss/255.255.255.0,aaa.bbb.ccc.ddd/255.255.255.255 An attempt to mount an NFS volume onto aaa.bbb.ccc.ddd gives the following in the syslog on the NFS server host: portmap[30168]: connect from aaa.bbb.ccc.ddd to getport(mountd): request from unauthorized host However, after changing the mask in hosts.allow to 255.255.255.254 the mount attempt succeeds. nfs-utils-1.0.1-2 tcp_wrappers-7.6-23 Additional info:
This is no bug: > man hosts.allow ... An expression of the form ân.n.n.n/m.m.m.m´ is interpreted as a ânet/mask´ pair. An IPv4 host address is matched if ânet´ is equal to the bitwise AND of the address and the âmask´. For example, the net/mask pattern â131.155.72.0/255.255.254.0´ matches every address in the range â131.155.72.0´ through â131.155.73.255´. ... Do not use net/mask pair for a single host.