Re: Basic question on 'reject' auth-method in pg_hba.conf

Yes, you'll need to make 2 entries like you shown as no CIDR that I know of
other than 0.0.0.0/0 would block both of those, and obviously you do NOT
want to block everyone which 0.0.0.0/0 would do. The entries are scanned
during a connection attempt, so if your test user is coming from a
different IP address than these two, there needs to be another entry
permitting that.
--
Jay

On Wed, Nov 30, 2016 at 11:36 AM, Sathesh S <Sathesh(dot)Sundaram(at)hotmail(dot)com>
wrote:

> Hello All,
>
>
> I'm new to postgresql, I have a basic question in using the 'reject'
> auth-method in pg_hba.conf.
>
> I would like to reject a particular login from multiple range of IP
> addresses.
>
>
> For example:
>
>
> I want to reject login "test" from multiple IP ranges "100.101.13.0" &
> "200.101.13.0"
>
>
> My questions:
>
>
> 1. Do I need to make separate entires like below ones or can I separate
> the IP address range using comma?
>
>
> "host all test 100.101.13.0 reject"
>
> "host all test 200.101.13.0 reject"
>
> 2. If I make multiple entries to reject as above, how will it be treated,
> will the system read all the entries for the "test" login or will it stop
> after it finds the 1st entry for "test" login?
>
> Can you please help with above questions.
>
>
> Thanks,
>
> Sathesh
>