[rbldnsd] "default refuse" ACL in rbldnsd 0.996
Kai Schlichting
kai-rbldnsd-list at spamshield.org
Thu Jul 6 18:37:42 MSD 2006
On Thu 07/6/06 at 7:00 AM, "Anders Henke" <anders at schlund.de> wrote:
> Hi,
> I'm experimenting a little bit with the ACL mechanism in rbldnsd and
> found out that (using rbldnsd 0.996) default or "catch all other" rules
> by means of "0/0" or "0.0.0.0/0" are being rejected as "invalid
> address".
> As a workaround, I've been successfully using
> ---cut
> :refuse
> 0.0.0.0/1
> 128.0.0.0/1
> ---cut
> However, I think it's worth adding "real" 0/0-support to ACLs (or at
> least document how to create a "default" ACL).
> Why this "default refuse"-thing?
I've encountered the same issue a while back.
This might actually be a bug - and I've seen the EXACT SAME ISSUE
in the Net::Patricia Perl module:
$pt->add_string('0.0.0.0/0', $user_data);
This entry will never be matched ($ret = $pt->match_string($ask_ip)).
(btw: Putting a scalar of 0 into $user_data is the same as if $user_data was
undef - match_string() will return the 1st argument (netstring) in that case).
bye,Kai
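
Added example (not part of the original message, and not code from rbldnsd or Net::Patricia): a minimal IPv4 ACL lookup in C in which a 0.0.0.0/0 catch-all entry is matched and yields the same verdicts as the 0.0.0.0/1 + 128.0.0.0/1 workaround quoted above. It assumes longest-prefix matching; the structures, action names and sample networks are constructed for illustration, and the separate handling of /0 shows one common pitfall in CIDR code, not a confirmed cause of the behaviour reported in this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum action { ACT_NONE, ACT_ALLOW, ACT_REFUSE };   /* hypothetical names */
struct acl_entry { uint32_t net; unsigned bits; enum action act; };

#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Netmask for a prefix length of 0..32. /0 is handled separately because
 * shifting a 32-bit value by 32 bits is undefined behaviour in C. */
static uint32_t prefix_mask(unsigned bits) {
    return bits == 0 ? 0u : (uint32_t)(0xFFFFFFFFu << (32 - bits));
}

/* Longest-prefix match over a flat list; ACT_NONE when nothing matches. */
static enum action acl_lookup(const struct acl_entry *acl, size_t n, uint32_t ip) {
    enum action act = ACT_NONE;
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (acl[i].bits > 32)
            continue;                       /* skip malformed prefix lengths */
        uint32_t m = prefix_mask(acl[i].bits);
        if ((ip & m) == (acl[i].net & m) && (int)acl[i].bits > best) {
            best = (int)acl[i].bits;
            act = acl[i].act;
        }
    }
    return act;
}

/* Constructed sample ACLs: one allowed network plus a default refuse. */
static const struct acl_entry acl_catch_all[] = {
    { IP4(0, 0, 0, 0), 0, ACT_REFUSE },
    { IP4(192, 0, 2, 0), 24, ACT_ALLOW },
};
static const struct acl_entry acl_two_halves[] = {   /* the /1 + /1 workaround */
    { IP4(0, 0, 0, 0), 1, ACT_REFUSE },
    { IP4(128, 0, 0, 0), 1, ACT_REFUSE },
    { IP4(192, 0, 2, 0), 24, ACT_ALLOW },
};

int main(void) {
    const uint32_t probes[] = { IP4(10, 1, 2, 3), IP4(192, 0, 2, 55), IP4(255, 255, 255, 255) };
    for (size_t i = 0; i < 3; i++)
        printf("%08x catch-all=%d two-halves=%d\n", (unsigned)probes[i],
               acl_lookup(acl_catch_all, 2, probes[i]), acl_lookup(acl_two_halves, 3, probes[i]));
    return 0;
}
```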