DH doesn't interpret CIDR notation. It accepts primitive wildcards. Refer to http://www.denyhosts.net/faq.html#allowed for details.
Regards, Phil On Fri, 9 Nov 2007, Gorman Julie D wrote: > Hi, > > I've just implemented denyhosts on our ssh servers in our lab (we > have about 25 ssh servers being used for programming and general > education classes). It is working very well for most cases. I'm > running it on Mac OSX 10.4, Solaris 9 & 10. > > > I want to keep hosts from our local network from being entered into / > etc/hosts.deny (we have some very inexperienced users). I've read > that allowed-hosts (in the WORKING DIRECTORY) will accept CIDR > notation but it doesn't appear to be working. Here is the info about > the allowed-hosts file from the logging file when I am running with > the --debug flag (ips changed): > > 2007-11-09 09:56:51,723 - AllowedHosts: DEBUG initializing > AllowedHosts > 2007-11-09 09:56:51,724 - AllowedHosts: DEBUG line: 1.1.0.0/16 - > regex match? True > 2007-11-09 09:56:51,724 - AllowedHosts: DEBUG line: 1.1.1.8 - > regex match? True > 2007-11-09 09:56:51,725 - AllowedHosts: DEBUG allowed_hosts: > ['1.1.1.8', '1.1.0.0'] > 2007-11-09 09:56:51,725 - AllowedHosts: DEBUG done initializing > AllowedHosts > > Notice that the set of allowed_hosts doesn't include anything that > indicates that the CIDR notation was recognized. If I attempt to > login from one of the local clients with a bad password but valid > user and exceed the DENY_THRESHOLD_VALID the local client is added > to /etc/hosts.deny. > > Thanks, > Julie > > ===================================================== > Julie D. Gorman, Computer Science, CSU Stanislaus > One University Circle Turlock, CA 95382 || 209 667-3273 > ===================================================== > [EMAIL PROTECTED] || " Imagine all the people living life in peace " > ===================================================== > > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Denyhosts-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/denyhosts-user > -- Regards, Phil Schwartz - http://www.phil-schwartz.com Open Source Projects: - DenyHosts: http://www.denyhosts.net - Kodos: http://kodos.sourceforge.net - ReleaseForge: http://releaseforge.sourceforge.net - Scratchy: http://scratchy.sourceforge.net - FAQtor: http://faqtor.sourceforge.net ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
