Steve Dickson wrote:
> Why do you not see that "deny on reverse DNS failure"
is not mutually
> exclusive with "enable TCP wrappers"? This is based upon a
> MISINTERPRETATION of how tcp wrappers should behave. You are hard
> coding policy into nfs-utils.
Please tell how I check a 'mountd: <hostname>' entry in the /etc/hosts.deny
with only an IP address without doing a reverse name lookup?
I am not saying "without doing a reverse name lookup". Just remove the
hardcoded part that makes it fatal.
> All you need to do is make "deny on reverse DNS failure" disabled by
> default, and let the admin choose to enable it. This would be simpler
> than your above imperfect hack as well as more correct.
This feels like a bit of hack as well...
You hard coded policy. How was that not a hack?
Warren Togami
wtogami(a)redhat.com