I'm trying to formulate a rule from pg_hba.conf file. Thus far I have understood that pg_hba.conf
file is used to give access to the specific user for a specific host. But I just want to take a second opinion hence this question.
Given that I defined a set of entry in pg_hba.conf
:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
host all all 111.121.10.32/32 md5
Then does Postgres guarantee the only way anyone can connect to Postgres is either using localhost
or from 111.121.10.32
and not other IP will be able to access the Postgres server.
Is my understanding correct?
Best Answer
Your understanding is correct. For every connection attempt, each line in
pg_hba.conf
is checked in turn. The first matching line applies and the connection then either passes with this or fails trying. Much like a firewall. The manual:Bold emphasis mine.