> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Neil Marjoram
> Sent: Thursday, September 29, 2005 9:31 AM
> To: fedora-list@xxxxxxxxxx
> Subject: NFS and denying access to subnets
>
> OK I've been trying for ages now but I just can't seem to get
> this into my head.
>
> I have 8 subnets on my network 10.1.1.0 mask is
> 255.255.255.224 or /27, I would like all but one of these
> subnets to be able to mount from my NFS server. So I thought
> I'd add the relevant lines into /etc/hosts.allow and /etc/hosts.deny;
>
> It's long, so I've shortened it.
> /etc/host.allow
> portmap:10.1.1.0/255.255.255.224
> lockd:10.1.1.0/255.255.255.224
> mountd:10.1.1.0/255.255.255.224
> rquoted:10.1.1.0/255.255.255.224
> statd:10.1.1.0/255.255.255.224
> portmap:10.1.1.32/255.255.255.224
> lockd:10.1.1.32/255.255.255.224
> mountd:10.1.1.32/255.255.255.224
> rquoted:10.1.1.32/255.255.255.224
> statd:10.1.1.32/255.255.255.224
>
> And all the other 5 networks.
>
> And in the /etc/hosts.deny
>
> portmap:10.1.1.160/255.255.255.224
> lockd:10.1.1.160/255.255.255.224
> mountd:10.1.1.160/255.255.255.224
> rquoted:10.1.1.160/255.255.255.224
> statd:10.1.1.160/255.255.255.224
>
> I have restarted NFS and Portmap, but alas those systems on
> the 160 network can still mount and see nfs mounts.
>
> Am I barking up the wrong tree and is there an easier way to
> accomplish this?
>
> Many thanks
>
> Neil.
>

What's your /etc/exports look like? I think you can do the following:

/home 10.1.1.32/255.255.255.224(rw)
/home 10.1.1.160/255.255.255.224(noaccess)

-Mike
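
Added example, not part of the thread: a small Python model of the lookup order documented in hosts_access(5) (hosts.allow is consulted first, then hosts.deny, and a client matching neither file is granted access), run against the rules quoted in the post. It handles only the `daemon:net/mask` form used there, the function names and client addresses are constructed for illustration, and the "other 5 networks" the post mentions are left out rather than guessed.

```python
import ipaddress

# Rules copied from the thread (only the entries the post shows).
DAEMONS = ["portmap", "lockd", "mountd", "rquoted", "statd"]
HOSTS_ALLOW = [(d, net)
               for net in ("10.1.1.0/255.255.255.224",
                           "10.1.1.32/255.255.255.224")
               for d in DAEMONS]
HOSTS_DENY = [(d, "10.1.1.160/255.255.255.224") for d in DAEMONS]


def matches(rule, daemon, client_ip):
    """True if a (daemon, net/mask) rule covers this daemon and client."""
    rule_daemon, pattern = rule
    if rule_daemon != daemon:
        return False
    # ip_network() accepts the dotted-netmask form used in the post.
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern)


def hosts_access(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return (decision, reason) following the hosts_access(5) order."""
    # 1. A match in hosts.allow grants access and ends the search.
    if any(matches(r, daemon, client_ip) for r in allow):
        return "allow", "matched hosts.allow"
    # 2. Otherwise a match in hosts.deny refuses access.
    if any(matches(r, daemon, client_ip) for r in deny):
        return "deny", "matched hosts.deny"
    # 3. A client listed in neither file is granted access.
    return "allow", "no match in either file"


if __name__ == "__main__":
    # Constructed client addresses: one in an allowed subnet, one in the
    # denied 10.1.1.160 subnet, one in a subnet neither excerpt lists.
    for ip in ("10.1.1.40", "10.1.1.170", "10.1.1.70"):
        decision, reason = hosts_access("mountd", ip)
        print(f"mountd from {ip}: {decision} ({reason})")
```

Because an unlisted client falls through to "allow", the allow entries only take effect as a restriction when hosts.deny also refuses everything they do not cover.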