Quick Question about order in check_client_access hash

Quick Question about order in check_client_access hash

Dennis Putnam
I have a situation where I am blocking a class B network. However, it  
turns out there is one legitimate class C within that range. What is  
the correct order in the hash file to permit that one subnet?

xxx.yyy.zzz OK
xxx.yyy REJECT

or

xxx.yyy REJECT
xxx.yyy.zzz OK

Does it even matter? Thanks.

Dennis Putnam
Sr. IT Systems Administrator
AIM Systems, Inc.
11675 Rainwater Dr., Suite 200
Alpharetta, GA  30004
Phone: 678-240-4112
Main Phone: 678-297-0700
FAX: 678-297-2666 or 770-576-1000



Re: Quick Question about order in check_client_access hash

Wietse Venema
Dennis Putnam:

> I have a situation where I am blocking a class B network. However, it  
> turns out there is one legitimate class C within that range. What is  
> the correct order in the hash file to permit that one subnet?
>
> xxx.yyy.zzz OK
> xxx.yyy REJECT
>
> or
>
> xxx.yyy REJECT
> xxx.yyy.zzz OK
>
> Does it even matter? Thanks.

By definition, it does not. Hash files are not searched sequentially.
http://en.wikipedia.org/wiki/Hash_table

        Wietse

Re: Quick Question about order in check_client_access hash

Daniel Black-2
On Fri, 13 Jun 2008 10:21:14 pm Wietse Venema wrote:

> Dennis Putnam:
> > I have a situation where I am blocking a class B network. However, it
> > turns out there is one legitimate class C within that range. What is
> > the correct order in the hash file to permit that one subnet?
> >
> > xxx.yyy.zzz OK
> > xxx.yyy REJECT
> >
> > or
> >
> > xxx.yyy REJECT
> > xxx.yyy.zzz OK
> >
> > Does it even matter? Thanks.
>
> By definition, it does not. Hash files are not searched sequentially.
> http://en.wikipedia.org/wiki/Hash_table
>
> Wietse

However, there is an order in which Postfix looks up the address hashes:

xxx.yyy.zzz.hos
xxx.yyy.zzz
xxx.yyy
xxx

as per http://www.postfix.org/access.5.html

which means you're lucky that Postfix supports class C lookups before class B

--

Daniel Black
--
Proudly a Gentoo Linux User.
Gnu-PG/PGP signed and encrypted email preferred
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x76677097
GPG Signature D934 5397 A84A 6366 9687  9EB2 861A 4ABA 7667 7097

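
The point made in the two replies above, as an added example that is not part of the thread and is not Postfix code: a simplified Python model of the IPv4 lookup sequence described in access(5), showing that the order of entries in the file does not matter and that the more specific key is found first. The function names and the 10.20 addresses are constructed for illustration; hostname and IPv6 lookups are left out.

```python
import ipaddress

# Constructed sample tables: the same two entries in both orders from the question.
TABLE_OK_FIRST = """
10.20.30   OK
10.20      REJECT
"""
TABLE_REJECT_FIRST = """
10.20      REJECT
10.20.30   OK
"""

def parse_access_table(text):
    """Parse 'pattern action' lines into a dict; like a hash map, it keeps no search order."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, action = line.split(None, 1)
        table[pattern] = action.strip()
    return table

def candidate_keys(client_ip):
    """Keys tried for an IPv4 client: full address, then one trailing octet dropped each time."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def check_client(table, client_ip):
    """Return (matched_key, action) for the first key present, or (None, None) if none match."""
    for key in candidate_keys(client_ip):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    for name, text in (("OK first", TABLE_OK_FIRST), ("REJECT first", TABLE_REJECT_FIRST)):
        table = parse_access_table(text)
        for ip in ("10.20.30.40", "10.20.99.1", "192.0.2.1"):
            print(name, ip, candidate_keys(ip), check_client(table, ip))
```
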