Re: Acess Control !

From: Vasanth R <rvasanth(at)gmail(dot)com>
To: Elson Vaz <elsonlei(at)gmail(dot)com>
Cc: pinker <pinker(at)onet(dot)eu>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Acess Control !
Date: 2017-10-04 11:30:34
Message-ID: CAOC34s8D1ta=biCSmA04qNArUNkc=O3AQwG1z5KcScrfcbyw3A@mail.gmail.com
Lists: pgsql-admin

From the posted message, in the second part of the test it is allowed to
accept connections from 10.75.... and not reject.
On Wed, Oct 4, 2017 at 07:16 Elson Vaz <elsonlei(at)gmail(dot)com> wrote:

> Okay, thanks. So why does it not block the xpto connection coming from
> 10.75.15.60? As we can see, the first configuration could block it.
>
> # TYPE DATABASE USER ADDRESS METHOD
> host xpto system 10.72.18.0/24 reject
> host xpto system 0.0.0.0/0 reject
> host xpto system 10.75.15.60/32 md5
> host all all 0.0.0.0/0 md5
>
> 2017-10-04 10:01 GMT-01:00 Vasanth R <rvasanth(at)gmail(dot)com>:
>
>> It is read from top to bottom until a specific criterion is true. It stops
>> there and doesn't read through the rest of the lines.
>>
>> On Wed, Oct 4, 2017 at 06:41 Elson Vaz <elsonlei(at)gmail(dot)com> wrote:
>>
>>> Good morning pinker,
>>>
>>>
>>> Thank you for the approach, but I made this test:
>>>
>>> 1. Reject xpto connections from all addresses and afterwards accept xpto
>>> connections from this address - result = works well (locks connections
>>> for xpto coming from other addresses and accepts from this address)
>>>
>>>
>>> # TYPE DATABASE USER ADDRESS METHOD
>>> host xpto system 10.72.18.0/24 reject
>>> host xpto system 0.0.0.0/0 reject
>>> host xpto system 10.75.15.60/32 md5
>>> host all all 0.0.0.0/0 md5
>>>
>>>
>>>
>>> 2. Accept xpto connections from a specific address and afterwards reject
>>> all connections - result = (accepts all connections that come
>>> from all addresses)
>>>
>>>
>>>
>>> # TYPE DATABASE USER ADDRESS METHOD
>>> host xpto system 10.75.15.60/32 md5
>>> host all all 0.0.0.0/0 md5
>>> host xpto system 10.72.18.0/24 reject
>>> host xpto system 0.0.0.0/0 reject
>>>
>>> So, maybe it is read from top to bottom? Or is there another explanation?
>>> I don't know, I use Postgres 9.4.
>>>
>>> 2017-10-03 20:55 GMT-01:00 pinker <pinker(at)onet(dot)eu>:
>>>
>>>> Be careful with the order change. The one proposed by Scott was correct;
>>>> yours will reject all the connections made by user system to xpto.
>>>> The documentation says:
>>>>
>>>> > The first record with a matching connection type, client address,
>>>> > requested database, and user name is used to perform authentication.
>>>> > There is no "fall-through" or "backup": if one record is chosen and the
>>>> > authentication fails, subsequent records are not considered.
>>>>
>> --
>> Thanks
>> Vasanth

--
Thanks
Vasanth
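
The first-match rule that pinker quotes from the documentation, applied to the two orderings posted above, as an added example that is not part of the original thread. It models only records with CIDR addresses and literal or `all` database/user names; the client addresses 10.72.18.7 and 192.0.2.10 and the `ALLOW_FIRST` ordering are constructed for illustration.

```python
import ipaddress

def parse_hba(text):
    """Parse simplified records: TYPE DATABASE USER ADDRESS(CIDR) METHOD."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            _type, database, user, address, method = line.split()
            rules.append((database, user, ipaddress.ip_network(address), method))
    return rules

def first_match(rules, database, user, client_ip):
    """Return (record number, method) of the first matching record only."""
    ip = ipaddress.ip_address(client_ip)
    for number, (db, usr, network, method) in enumerate(rules, start=1):
        if db in ("all", database) and usr in ("all", user) and ip in network:
            return number, method  # later records are never consulted
    return None, None  # no record matched: the server refuses the connection

# Orderings from the thread (test 1 and test 2), columns realigned.
TEST_1 = """
host xpto system 10.72.18.0/24  reject
host xpto system 0.0.0.0/0      reject
host xpto system 10.75.15.60/32 md5
host all  all    0.0.0.0/0      md5
"""
TEST_2 = """
host xpto system 10.75.15.60/32 md5
host all  all    0.0.0.0/0      md5
host xpto system 10.72.18.0/24  reject
host xpto system 0.0.0.0/0      reject
"""
# Constructed ordering (assumption): specific allow, then reject, then catch-all.
ALLOW_FIRST = """
host xpto system 10.75.15.60/32 md5
host xpto system 0.0.0.0/0      reject
host all  all    0.0.0.0/0      md5
"""

def evaluate(config, clients=("10.75.15.60", "10.72.18.7", "192.0.2.10")):
    """Deciding record for user system on xpto; last two IPs are constructed."""
    rules = parse_hba(config)
    return {ip: first_match(rules, "xpto", "system", ip) for ip in clients}

if __name__ == "__main__":
    for name in ("TEST_1", "TEST_2", "ALLOW_FIRST"):
        for ip, (number, method) in evaluate(globals()[name]).items():
            print(f"{name}: {ip} -> record {number} ({method})")
```

Under the documented rule, `TEST_1` rejects 10.75.15.60 at record 2, and `TEST_2` never reaches its reject records because the `all all 0.0.0.0/0` record matches first. A running server applies pg_hba.conf edits only after a reload, so a test of a new ordering needs one first.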
