On Wed, Oct 4, 2017 at 07:16 Elson Vaz <elsonlei@xxxxxxxxx> wrote:
Okay, thanks, so why not block the xpto connection coming from 10.75.15.60, as we can see, the first configuration could block it ??# TYPE DATABASE USER ADDRESS METHODhost xpto system 10.72.18.0/24 rejecthost xpto system 0.0.0.0/0 reject
host xpto system 10.75.15.60/32 md5host all all 0.0.0.0/0 md52017-10-04 10:01 GMT-01:00 Vasanth R <rvasanth@xxxxxxxxx>:It is read from up to down until specific criteria is true. It stops there and doesn't read thru rest of the lines.On Wed, Oct 4, 2017 at 06:41 Elson Vaz <elsonlei@xxxxxxxxx> wrote:Good morning pinker,Thank you for approch, but i maked this teste:
- Reject xpto connection from all adress and after acept xpto connection from this adress - result = work good (lock connection for xtpo come from other adress and acept from this adress)
host xpto system 0.0.0.0/0 reject
host xpto system 10.75.15.60/32 md5host all all 0.0.0.0/0 md5
- acept xpto connection from especific adress and after reject from all connection - result = (acept all connection, that come from all adress )
# TYPE DATABASE USER ADDRESS METHOD
host xpto system 10.75.15.60/32 md5
host all all 0.0.0.0/0 md5So, maybe the read come from up to down? or have other explanation? i don't know, i use postgres 9.4.2017-10-03 20:55 GMT-01:00 pinker <pinker@xxxxxxx>:be careful with order change. This proposed by Scott was correct; yours will
reject all the connections made by user system to xpto. Documentation says:
> The first record with a matching connection type, client address,
> requested database, and user name is used to perform authentication. There
> is no "fall-through" or "backup": if one record is chosen and the
> authentication fails, subsequent records are not considered.
--
Sent from: http://www.postgresql-archive.org/PostgreSQL-admin-f2076596.html
--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
--Thanks
Vasanth
--
Thanks
Vasanth
Vasanth
