Q: Gnatsd rejects connections from a remote host with the error message 520 You are not on the host access list.
A: Check the file gnatsd.host_access; if you are using the default locations, this is /usr/local/etc/gnats/gnatsd.host_access. (If you are still using gnats 3.xxx, the file is named gnatsd.conf; its default place is /usr/local/etc/gnatsd.conf.)
Each line of the file names a host and its access level, separated by colons. Gnatsd tries the lines in turn to match the remote host, and the first line that matches wins.
The first field specifies the host(s); it may be a host name (like goedel.example.com), a partial domain (like *.example.com), an IP address (like 192.168.1.5), or a partial IP address (like 192.168.*). If it is only *, it matches all hosts.
Depending on how IP addresses are mapped to hostnames on your gnatsd machine, you may be able to omit the domain (like in goedel). You may even need to omit the domain for some hosts.
The second field is the access level granted to the remote host. This is usually increased by the access level granted to the user as soon as (s)he logs in.
The third field is currently not used; just leave it empty (but supply the colon between the second and the third field).
Example:
| # # This is a comment # # Grant view access to all hosts with IP addresses # ranging from 192.168.0.0 to 192.168.255.255: 192.168.*:view: # Users on host goedel.example.com get (at least) edit access: goedel.example.com:edit: # Users from escher.example.com may view all reports, even # confidential ones: escher.example.com:viewconf: # Users from bach.example.com may only view all non-confidential # reports: bach.example.com:view: # Users from other example.com hosts # only get the access specified for them in gnatsd.user_access: *.example.com:none: # Same for domain our-users.example: *.our-users.example:none: # All other hosts are rejected # without even asking for username and password: *:deny: |
The format is described in detail in the comments at the beginning of the file.