On Thu, 23 Dec 2021 at 15:45, shing dong <s7eqs...@gmail.com> wrote:

> I have tested this feature, only had
>
> host   VJ   VJ_USER   10.10.10.1/32 md5
>
> in the pg_hba.conf file


I may be a bit off, but can you try a couple of things, other than a fresh
install, in case you have time to debug more?

Is it possible to snapshot the VM and set it up in a controlled
environment where you can play around with incoming connections at the
network layer beyond the VM?
With that, is it possible for you to use gdb and debug a connection to the
postmaster?
You can set it up using the below:
Getting a stack trace of a running PostgreSQL backend on Linux/BSD -
PostgreSQL wiki
<https://wiki.postgresql.org/wiki/Getting_a_stack_trace_of_a_running_PostgreSQL_backend_on_Linux/BSD>

And then you can put a breakpoint at this function and check the input
lines it gets for parsing.
https://github.com/postgres/postgres/blob/6ab42ae36713b1e6f961c37e22f99d3e6267523b/src/backend/libpq/hba.c#L779

postgres/hba.c at 6ab42ae36713b1e6f961c37e22f99d3e6267523b ·
postgres/postgres (github.com)
<https://github.com/postgres/postgres/blob/6ab42ae36713b1e6f961c37e22f99d3e6267523b/src/backend/libpq/hba.c#L1438>

But maybe this helps identify why other IPs are being allowed.
To be more paranoid, you can all reject from the IP you are trying to make
a connection, and trace that specific rule.

This might be overkill and maybe a waste of effort given you already can
query the hba view, but in case you want to try it out.
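
Added example (not part of the original email and not PostgreSQL's own code): a simplified Python model of pg_hba.conf first-match evaluation, run over the rule quoted in the thread plus a temporary reject rule for one test client, to show which record a given connection should hit. It assumes plain `host` records with CIDR addresses only; the address 10.10.10.99 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the single rule quoted in the thread, preceded by a
# temporary reject rule for one test client (10.10.10.99 is a made-up address).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER     ADDRESS          METHOD
host    all       all      10.10.10.99/32   reject
host    VJ        VJ_USER  10.10.10.1/32    md5
"""

def parse_hba(text):
    """Return (line_no, databases, users, network, method) for each host line."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] != "host":
            continue  # simplification: only plain 'host' records with CIDR
        _, dbs, users, addr, method = fields[:5]
        net = ipaddress.ip_network(addr, strict=False)
        rules.append((line_no, dbs.split(","), users.split(","), net, method))
    return rules

def first_match(rules, database, user, client_ip):
    """Return (line_no, method) of the first matching record, else None.

    None models the case where no record matches, which the server rejects.
    """
    ip = ipaddress.ip_address(client_ip)
    for line_no, dbs, users, net, method in rules:
        if "all" not in dbs and database not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        if ip.version == net.version and ip in net:
            return line_no, method
    return None

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for ip in ("10.10.10.1", "10.10.10.2", "10.10.10.99"):
        print(ip, "->", first_match(rules, "VJ", "VJ_USER", ip))
```

If the running server accepts a connection that this model maps to `None`, the file being edited is probably not the one the server loaded, which is what the breakpoint and the hba view help confirm.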
