Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!cs.utexas.edu!natinst!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security
Summary: How about .netaccess works both ways?
Message-ID: <16917@rpp386.Dallas.TX.US>
Date: 19 Aug 89 17:14:25 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> <35131@wlbr.IMSD.CONTEL.COM>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: I am NOT the NRA
Lines: 29

In article <35131@wlbr.IMSD.CONTEL.COM> sms@WLV.IMSD.CONTEL.COM.UUCP (Steven M. Schultz) writes:
>	How about inverting the meaning of ".netaccess"?  By this i
>	mean making it a list of hosts/addresses to be rejected.  There
>	have been times when it would be desirable to let connections
>	from all systems except a list of bad/undesirables.

This could work both ways like netnews sys files are with newsgroups.
The '*' operator could function like an 'all' wildcard, with BANG
being used for negation.  Paranoid, Inc. sites would go

*.paranoid.com
!*

and everyone else could go

!*.paranoid.com
*

;-)

The rule would be to run the .netaccess file until there is a match,
and permit or deny access based on the presence or lack of a '!'.
This implies that Paranoid, Inc. doesn't need the !* at the end
except to feel warm and cozy ;-)
-- 
John F. Haugh II                        +-Quote of the month club: ------------
VoiceNet: (512) 832-8832   Data: -8835  | "Chocolate Teddy Grahams are just
InterNet: jfh@rpp386.cactus.org         |  reincarnated Space Food Sticks."
UUCPNet:  {texbell|bigtex}!rpp386!jfh   +------------     -- Richard Sexton ---
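The first-match rule the post describes, worked through as an added C example (not code from the original post or from any real .netaccess implementation). The function names, the one-pattern-per-line file layout, '#' comment lines, case-insensitive host comparison and the default-deny result when nothing matches are all assumptions; the two rule sets are the ones from the post, embedded as constructed strings.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example, not John Haugh's code: a first-match evaluator for the
 * ".netaccess" syntax sketched in the post ('*' = any run of characters,
 * leading '!' = deny). Comment lines, case-insensitive matching and
 * default deny on no match are assumptions of this example. */

#define NA_DENY   0
#define NA_PERMIT 1

/* The two rule files from the post, as constructed sample input. */
static const char PARANOID_RULES[] = "*.paranoid.com\n!*\n";
static const char OPEN_RULES[]     = "!*.paranoid.com\n*\n";

/* Glob-style match where '*' matches any (possibly empty) run of
 * characters; case-insensitive because host names are. Note that
 * "*.paranoid.com" matches "host.paranoid.com" but not "paranoid.com"
 * itself, since the pattern requires the leading dot. */
static int pat_match(const char *pat, const char *s)
{
    while (*pat) {
        if (*pat == '*') {
            while (*pat == '*') pat++;            /* collapse "**" */
            if (!*pat) return 1;                  /* trailing '*' eats the rest */
            for (; *s; s++)
                if (pat_match(pat, s)) return 1;
            return 0;
        }
        if (!*s || tolower((unsigned char)*pat) != tolower((unsigned char)*s))
            return 0;
        pat++; s++;
    }
    return *s == '\0';
}

/* Walk the rules (one pattern per line) and stop at the first pattern that
 * matches host: a leading '!' makes it a deny, otherwise a permit. Falling
 * off the end denies, which is why a final "!*" only adds comfort. */
int netaccess_check(const char *rules, const char *host)
{
    char line[256];
    const char *p = rules;

    while (*p) {
        size_t n = strcspn(p, "\n");
        if (n >= sizeof line) n = sizeof line - 1;
        memcpy(line, p, n);
        line[n] = '\0';
        p += n;
        if (*p == '\n') p++;

        /* trim trailing whitespace, skip blank lines and '#' comments */
        while (n && isspace((unsigned char)line[n - 1])) line[--n] = '\0';
        char *q = line;
        while (isspace((unsigned char)*q)) q++;
        if (!*q || *q == '#') continue;

        int negate = (*q == '!');
        if (negate) q++;
        if (pat_match(q, host))
            return negate ? NA_DENY : NA_PERMIT;
    }
    return NA_DENY;                               /* no match: deny */
}

int main(void)
{
    const char *hosts[] = { "host.paranoid.com", "rpp386.cactus.org" };
    for (int i = 0; i < 2; i++) {
        printf("paranoid rules, %-18s -> %s\n", hosts[i],
               netaccess_check(PARANOID_RULES, hosts[i]) ? "permit" : "deny");
        printf("open rules,     %-18s -> %s\n", hosts[i],
               netaccess_check(OPEN_RULES, hosts[i]) ? "permit" : "deny");
    }
    return 0;
}
```

Because evaluation stops at the first hit, rule order is the policy: "!*.paranoid.com" placed after "*" would never be reached, and the check for that kind of shadowed rule is exactly what a file like this needs before it is trusted.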