Yes, you'll need to make 2 entries like you shown as no CIDR that I know of other than 0.0.0.0/0 would block both of those, and obviously you do NOT want to block everyone which 0.0.0.0/0 would do. The entries are scanned during a connection attempt, so if your test user is coming from a different IP address than these two, there needs to be another entry permitting that.
--
Jay--
On Wed, Nov 30, 2016 at 11:36 AM, Sathesh S <Sathesh.Sundaram@xxxxxxxxxxx> wrote:
Hello All,
I'm new to postgresql, I have a basic question in using the 'reject' auth-method in pg_hba.conf.
I would like to reject a particular login from multiple range of IP addresses.
For example:
I want to reject login "test" from multiple IP ranges "100.101.13.0" & "200.101.13.0"
My questions:
1. Do I need to make separate entires like below ones or can I separate the IP address range using comma?
"host all test 100.101.13.0 reject"
"host all test 200.101.13.0 reject"
2. If I make multiple entries to reject as above, how will it be treated, will the system read all the entries for the "test" login or will it stop after it finds the 1st entry for "test" login?
Can you please help with above questions.
Thanks,
Sathesh