Just a trivial question... Do the hosts allow and hosts deny clauses (i.e. within smb.conf) support the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ? The specific documentation page I was looking at, i.e.: https://www.samba.org/samba/docs/using_samba/ch06.html was rather entirely ambiguous on this one small point. When describing the interfaces clause, it says explicitly that CIDRs are allowed. But when it comes to hosts allow and hosts deny, the same page is silent about CIDR notation. So, you know, I have to ask.
Am 17.10.2017 um 04:24 schrieb Ronald F. Guilmette via samba:> Just a trivial question... > > Do the hosts allow and hosts deny clauses (i.e. within smb.conf) support > the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ? > > The specific documentation page I was looking at, i.e.: > > https://www.samba.org/samba/docs/using_samba/ch06.html > > was rather entirely ambiguous on this one small point. When describing > the interfaces clause, it says explicitly that CIDRs are allowed. But > when it comes to hosts allow and hosts deny, the same page is silent > about CIDR notation. > > So, you know, I have to askyes they do and you could have easily tried it out
On Tue, 17 Oct 2017 10:38:01 +0200 Reindl Harald via samba <samba at lists.samba.org> wrote:> > Am 17.10.2017 um 04:24 schrieb Ronald F. Guilmette via samba: > > Just a trivial question... > > > > Do the hosts allow and hosts deny clauses (i.e. within smb.conf) > > support the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ? > > > > The specific documentation page I was looking at, i.e.: > > > > https://www.samba.org/samba/docs/using_samba/ch06.html > > > > was rather entirely ambiguous on this one small point. When > > describing the interfaces clause, it says explicitly that CIDRs are > > allowed. But when it comes to hosts allow and hosts deny, the same > > page is silent about CIDR notation. > > > > So, you know, I have to ask > > yes they do and you could have easily tried it out >Or just read 'man smb.conf' Rowland
In message <ca330312-5343-b7e5-328a-d2b554330081 at thelounge.net>, Reindl Harald <h.reindl at thelounge.net> wrote:>Am 17.10.2017 um 04:24 schrieb Ronald F. Guilmette via samba: >> Just a trivial question... >> >> Do the hosts allow and hosts deny clauses (i.e. within smb.conf) support >> the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ? >> >> The specific documentation page I was looking at, i.e.: >> >> https://www.samba.org/samba/docs/using_samba/ch06.html >> >> was rather entirely ambiguous on this one small point. When describing >> the interfaces clause, it says explicitly that CIDRs are allowed. But >> when it comes to hosts allow and hosts deny, the same page is silent >> about CIDR notation. >> >> So, you know, I have to ask > >yes they do and you could have easily tried it outWell, actually, I *did* try it out. And it did *seem* to work, but what do I know? I also tried, but was unable to find where exactly the smbd/nmdb log records are being sent to, by default, on my FreeBSD system, and thus, I was unable to check properly to see if my addition of a line in my smb.conf file like "hosts allow = <<CIDR>>" did or did not cause a parse error, i.e. when I restarted the daemon. So, for all I can tell, perhaps I glitched the "hosts allow" directive and perhaps smbd/nmdb are now allowing *all* hosts to access my stuff. I was not able to tell if this might be happening, and that's why I asked the question. And anyway, isn't it a Good Thing that I asked? I mean doesn't somebody maybe want to fix the documentation page that I gave a link to, so that it will henceforth be clear in noting (which it currently fails to do) that CIDRs are allowed in hosts allow/deny directives? Regards, rfg
Maybe Matching Threads
- hosts allow / hosts deny (CIDRs?)
- CIDR-matching in puppet manifests?
- Blocking attacks from a range of IP addresses
- [Bug 597] New: ip6tables connlimit - cannot set CIDR greater than 32 (includes fix)
- [Bug 3544] New: Support CIDR notation for host pattern matching