Bug 234849 - net/rinetd allow deny
Summary: net/rinetd allow deny
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Renato Botelho
Reported: 2019-01-11 09:57 UTC by Aleks
Modified: 2020-04-15 11:50 UTC
bugzilla: maintainer-feedback? (garga)
Description Aleks 2019-01-11 09:57:54 UTC
FreeBSD 11.1-STABLE #0 r332428

With such settings it is not working!!!


# cd /usr/ports/net/rinetd && make install clean
# echo 'rinetd_enable="YES"' >> /etc/rc.conf
#sockstat
#allow 192.168.2.122           #...... ... .... .......... ....
logcommon                      #... ... .....
logfile /var/log/rinetd.log    #.......... ... ... ....

???????
allow 192.168.*.*
allow 192.168.3.*
allow 192.168.31.*
deny 224.*.*.*
deny 172.16.*.*
deny 172.16.*.*
deny 10.*.*.*
deny 169.254.*.*
????????


********
****
Comment 1 Renato Botelho freebsd_committer 2019-02-25 13:47:41 UTC
Could you please elaborate a bit. What is the content of your config? What errors are you seeing?
Comment 2 Aleks 2019-02-26 10:57:30 UTC
# cd /usr/ports/net/rinetd && make install clean
# echo 'rinetd_enable="YES"' >> /etc/rc.conf
#sockstat
#allow  194.44.221.30     #... ..... . ...... IP ..... .....
#allow 192.168.2.122           #...... ... .... .......... ....
logcommon                      #... ... .....
logfile /var/log/rinetd.log    #.......... ... ... ....


#allow 192.168.*.*
#allow 192.168.3.*
#allow 192.168.31.*
#deny 192.*.*.*
#deny 224.*.*.*
#deny 172.16.*.*
#deny 172.16.*.*
#deny 10.*.*.*
#deny 169.254.*.*

# ....... ... .........
# ........... . ........ .. yyy.yyy.yyy.yyy .. 192.168.1.2 .... 3389
# 0.0.0.0 3839  192.168.3.21 3389 #
0.0.0.0 2222  192.168.3.70 22 #

#0.0.0.0 3222  192.168.3.2 22 #
0.0.0.0 3222  192.168.3.86 22 #
0.0.0.0 8888  192.168.3.107 8888 #
0.0.0.0 10222  192.168.3.10 22 #
Comment 3 Renato Botelho freebsd_committer 2019-02-26 14:38:23 UTC
And what exactly is the error you are facing?
Comment 4 Aleks 2019-02-26 15:49:48 UTC
The error is invisible.
But it does not work with such rules:

allow 192.168. *. *
allow 192.168.3. *
allow 192.168.31. *
deny 192. *. *. *
deny 224. *. *. *
deny 172.16. *. *
deny 172.16. *. *
deny 10. *. *. *
deny 169.254. *. *
Comment 5 Walter Schwarzenfeld freebsd_triage 2019-08-13 11:22:01 UTC
Any change here?
Comment 6 Renato Botelho freebsd_committer 2019-08-13 12:23:02 UTC
(In reply to Aleks from comment #4)

Are those spaces intentional? As you pasted:

allow 192.168. *. *
allow 192.168.3. *
allow 192.168.31. *
deny 192. *. *. *
deny 224. *. *. *
deny 172.16. *. *
deny 172.16. *. *
deny 10. *. *. *
deny 169.254. *. *

Or should it be like this?

allow 192.168.*.*
allow 192.168.3.*
allow 192.168.31.*
deny 192.*.*.*
deny 224.*.*.*
deny 172.16.*.*
deny 172.16.*.*
deny 10.*.*.*
deny 169.254.*.*
Comment 7 Aleks 2019-08-15 07:46:56 UTC
allow 192.168.*.*
allow 192.168.3.*
allow 192.168.31.*
deny 224.*.*.*
deny 172.16.*.*
deny 10.*.*.*
deny 169.254.*.*
Comment 8 Aleks 2019-08-15 12:35:53 UTC
?

The rules do not want to work with data
Comment 9 Aleks 2019-08-27 07:24:42 UTC
if there is one pardon if the provider of births restarts dhcp, then there is a rebate
Comment 10 Aleks 2019-08-27 07:27:31 UTC
(In reply to Aleks from comment #9)



one more pardon if the provider of the restart of the rebuild DHCP then the rebuy of the restart of the program
Comment 11 Renato Botelho freebsd_committer 2020-04-14 14:13:57 UTC
I've tested it and it seems to work as it was designed to work.

When you add an allow rule, it will only allow that network and deny any other networks. So if you add "allow 192.168.*.*" and try to connect from 172.16.1.1 it will deny the connection.

When you add a deny rule, it will deny only that network and accept connections from any other.
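
Added example (not part of the original comment and not rinetd's own code): a small Python model of the allow/deny behaviour described in comment 11, run over the rule set from comment 7. It assumes the rules are global ones placed before the first forwarding line, uses fnmatch as a stand-in for rinetd's pattern matching, and the names parse_rules and decide are hypothetical.

```python
from fnmatch import fnmatchcase

# Rule set as posted in comment 7 of this bug.
RULES_COMMENT_7 = """
allow 192.168.*.*
allow 192.168.3.*
allow 192.168.31.*
deny 224.*.*.*
deny 172.16.*.*
deny 10.*.*.*
deny 169.254.*.*
"""

# Excerpt of the comment 2 config: every rule is commented out.
RULES_COMMENT_2 = """
#allow 192.168.*.*
#deny 172.16.*.*
logcommon
0.0.0.0 2222  192.168.3.70 22 #
"""

# Constructed sample: a deny rule with no allow rules at all.
RULES_DENY_ONLY = "deny 172.16.*.*\n"


def parse_rules(config_text):
    """Collect active allow/deny patterns, ignoring '#' comments and other lines."""
    allow, deny = [], []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in ("allow", "deny"):
            (allow if fields[0] == "allow" else deny).append(fields[1])
    return allow, deny


def decide(source_ip, allow, deny):
    """Return (accepted, reason) for a connection from source_ip."""
    # Any allow rule turns the list into a whitelist: no match means reject.
    if allow and not any(fnmatchcase(source_ip, p) for p in allow):
        return False, "not matched by any allow rule"
    # Deny rules reject only what they match; everything else passes.
    for pattern in deny:
        if fnmatchcase(source_ip, pattern):
            return False, "matched deny " + pattern
    return True, "accepted"
```

With the comment 7 rules, 172.16.1.1 and 10.0.0.5 are already rejected at the allow step, so the deny lines never come into play. With every rule commented out, as in comment 2, any source is accepted.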
Comment 12 Aleks 2020-04-15 08:32:05 UTC
Dear IT user, does not work. = > 2019-01-11 09:57:54 UTC
Comment 13 Renato Botelho freebsd_committer 2020-04-15 11:50:00 UTC
(In reply to Aleks from comment #12)
If you still have a scenario where it is failing, please send all the details:

- Complete config file
- IP address of the connection source
- IP address and port of connection target