[Samba] hosts allow / hosts deny (CIDRs?)

Ronald F. Guilmette rfg at tristatelogic.com
Wed Oct 18 04:10:00 UTC 2017


In message <ca330312-5343-b7e5-328a-d2b554330081 at thelounge.net>, 
Reindl Harald <h.reindl at thelounge.net> wrote:

>Am 17.10.2017 um 04:24 schrieb Ronald F. Guilmette via samba:
>> Just a trivial question...
>> 
>> Do the hosts allow and hosts deny clauses (i.e. within smb.conf) support
>> the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ?
>> 
>> The specific documentation page I was looking at, i.e.:
>> 
>>     https://www.samba.org/samba/docs/using_samba/ch06.html
>> 
>> was rather entirely ambiguous on this one small point.  When describing
>> the interfaces clause, it says explicitly that CIDRs are allowed.  But
>> when it comes to hosts allow and hosts deny, the same page is silent
>> about CIDR notation.
>> 
>> So, you know, I have to ask
>
>yes they do and you could have easily tried it out

Well, actually, I *did* try it out.  And it did *seem*  to work, but what
do I know?  I also tried, but was unable to find where exactly the
smbd/nmdb log records are being sent to, by default, on my FreeBSD system,
and thus, I was unable to check properly to see if my addition of a
line in my smb.conf file like "hosts allow = <<CIDR>>" did or did not
cause a parse error, i.e. when I restarted the daemon.

So, for all I can tell, perhaps I glitched the "hosts allow" directive
and perhaps smbd/nmdb are now allowing *all* hosts to access my stuff.
I was not able to tell if this might be happening, and that's why I asked
the question.

And anyway, isn't it a Good Thing that I asked?  I mean doesn't somebody
maybe want to fix the documentation page that I gave a link to, so that
it will henceforth be clear in noting (which it currently fails to do)
that CIDRs are allowed in hosts allow/deny directives?


Regards,
rfg



More information about the samba mailing list