Hi,

I'd like to add the capability to white-list in the hosts_allow plugin.
Specifically, we have a relay that we expect to get multiple connections
from so I don't want to restrict connections from that IP.

I was looking at the hosts_allow code, trying to work out the best way
to implement this without duplication. Then it hit me that if we just
reverse the order of the tests, we can use the hosts_allow mechanism to
white-list hosts.

Current code is:

    my $remote = $args{remote_ip};

    if ($args{max_conn_ip}) {
        # check for too many connections from $remote
        ...
    }

    foreach ($self->qp->config("hosts_allow")) {
        # check for $remote entry in hosts_allow
        ...
    }

    return (DECLINED);


I am proposing that we flip that round, i.e. change it to:

    my $remote = $args{remote_ip};

    foreach ($self->qp->config("hosts_allow")) {
        # check for $remote entry in hosts_allow
        ...
    }

    if ($args{max_conn_ip}) {
        # check for too many connections from $remote
        ...
    }

    return (DECLINED);


With this change, I can simply add "12.34.56.78 DECLINED" to hosts_allow
which will whitelist host 12.34.56.78.

Can anyone see a downside to this?

R.
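
To see what the reordering changes, here is a stand-alone Perl model of the two check orders (an added example, not the qpsmtpd plugin's code). The entry format with an optional /bits mask, the `OVER_LIMIT` label, the helper names and the sample addresses other than 12.34.56.78 are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Constructed hosts_allow entries; "<ip>[/<bits>] <RESULT>" is this model's format.
my @hosts_allow = ('12.34.56.78 DECLINED', '192.0.2.0/24 DENY');

# Result of the first entry whose network contains $remote, or undef.
sub match_hosts_allow {
    my ($remote) = @_;
    my $addr = inet_aton($remote);
    for my $line (@hosts_allow) {
        my ($ipmask, $result) = split ' ', $line;
        next unless defined $result;
        my ($net, $bits) = split m{/}, $ipmask, 2;
        $bits = 32 unless defined $bits;
        my $mask = pack 'B32', '1' x $bits . '0' x (32 - $bits);
        return $result if ($addr & $mask) eq (inet_aton($net) & $mask);
    }
    return;
}

# True when $remote, counting the new connection, exceeds $max (0 = no limit).
sub over_limit {
    my ($remote, $max, @open) = @_;
    my $count = 1 + grep { $_ eq $remote } @open;
    return $max && $count > $max;
}

# First defined result wins, in the given order. OVER_LIMIT is a label used
# only in this model for whatever the elided limit branch returns.
sub decide {
    my ($order, $remote, $max, @open) = @_;
    my $listed  = match_hosts_allow($remote);
    my $limited = over_limit($remote, $max, @open) ? 'OVER_LIMIT' : undef;
    my @results = $order eq 'limit_first' ? ($limited, $listed) : ($listed, $limited);
    for my $r (@results) { return $r if defined $r }
    return 'DECLINED';
}

# Compare both orders for a listed host, a host in a listed network and an unlisted host.
for my $order (qw(limit_first allow_first)) {
    for my $ip ('12.34.56.78', '192.0.2.9', '198.51.100.7') {
        my @open = ($ip) x 5;    # constructed: five connections already open
        printf "%-11s %-12s -> %s\n", $order, $ip, decide($order, $ip, 3, @open);
    }
}
```

In this model the allow-first order returns on the first matching entry whatever its result, so no listed address ever reaches the connection-count check.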
