Steve Dickson wrote:
Why do you not see that "deny on reverse DNS failure" is not mutually
exclusive with "enable TCP wrappers"? This is based upon a
MISINTERPRETATION of how tcp wrappers should behave. You are hard
coding policy into nfs-utils.
Please tell how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny
with only an IP address without doing a reverse name lookup?
I am not saying "without doing a reverse name lookup". Just remove the
hardcoded part that makes it fatal.
All you need to do is make "deny on reverse DNS failure" disabled by
default, and let the admin choose to enable it. This would be simpler
than your above imperfect hack as well as more correct.
This feels like a bit of hack as well...
You hard coded policy. How was that not a hack?
Warren Togami
wtogami@xxxxxxxxxx
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
