Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!cs.utexas.edu!natinst!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security
Summary: How about .netaccess works both ways?
Message-ID: <16917@rpp386.Dallas.TX.US>
Date: 19 Aug 89 17:14:25 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> <35131@wlbr.IMSD.CONTEL.COM>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: I am NOT the NRA
Lines: 29

In article <35131@wlbr.IMSD.CONTEL.COM> sms@WLV.IMSD.CONTEL.COM.UUCP (Steven M. Schultz) writes:
> How about inverting the meaning of ".netaccess"?  By this I
> mean making it a list of hosts/addresses to be rejected.  There
> have been times when it would be desirable to let connections
> from all systems except a list of bad/undesirables.

This could work both ways like netnews sys files are with newsgroups.
The '*' operator could function like an 'all' wildcard, with BANG
being used for negation.

Paranoid, Inc. sites would go

	*.paranoid.com
	!*

and everyone else could go

	!*.paranoid.com
	*

;-)

The rule would be to run the .netaccess file until there is a match,
and permit or deny access based on the presence or lack of a '!'.

This implies that Paranoid, Inc. doesn't need the !* at the end except
to feel warm and cozy ;-)
-- 
John F. Haugh II                        +-Quote of the month club: ------------
VoiceNet: (512) 832-8832   Data: -8835  | "Chocolate Teddy Grahams are just
InterNet: jfh@rpp386.cactus.org         |  reincarnated Space Food Sticks."
UUCPNet:  {texbell|bigtex}!rpp386!jfh   +------------     -- Richard Sexton ---
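
Added example, not part of the original post and not code from any real .netaccess implementation: a first-match evaluator for the rule files sketched above, showing the implied default-deny and two edge cases (a bare domain not covered by "*.domain", and rules made unreachable by an earlier catch-all). The function names, the one-rule-per-line layout and the host "gate.paranoid.com" are assumptions made for illustration.

```python
import re

PARANOID = "*.paranoid.com\n!*\n"        # the post's first rule file
EVERYONE_ELSE = "!*.paranoid.com\n*\n"   # the post's second rule file

def parse_netaccess(text):
    """Return ordered (permit, regex, source) rules; a leading '!' means deny."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        deny = line.startswith("!")
        pattern = line[1:] if deny else line
        if not pattern:
            raise ValueError("rule has no pattern: %r" % raw)
        # Only '*' is a wildcard; every other character matches literally.
        regex = ".*".join(re.escape(part) for part in pattern.lower().split("*"))
        rules.append((not deny, re.compile(regex), line))
    return rules

def allowed(rules, host, default=False):
    """First match wins. With no match, fall back to `default` (assumed deny)."""
    host = host.lower().rstrip(".")
    for permit, regex, _ in rules:
        if regex.fullmatch(host):
            return permit
    return default

def unreachable(rules):
    """Rules listed after a bare '*' or '!*' can never be consulted."""
    for i, (_, regex, _) in enumerate(rules):
        if regex.pattern == ".*":
            return [source for _, _, source in rules[i + 1:]]
    return []
```

Because the first match decides, ordering is the whole policy: a deny rule placed after "*" is silently dead, which is what unreachable() reports.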