noip.c: Add debugging to most of the syscall wrappers.
[preload-hacks]
/
noip.1
diff --git
a/noip.1
b/noip.1
index c34131b3ed55051be44ff506311109a61a28c90c..8ab355f6f8666065035c633e3600973cfc7f27a9 100644
(file)
--- a/
noip.1
+++ b/
noip.1
@@
-193,7
+193,7
@@
is a comma-separated list of entries of the form:
.RB [ \- \c
.IR address | \c
.BR / \c
.RB [ \- \c
.IR address | \c
.BR / \c
-.IR
mask
]| \c
+.IR
prefix-length
]| \c
.BR local | any
.RB [ : \c
.IR port [ \c
.BR local | any
.RB [ : \c
.IR port [ \c
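Review bot: The synopsis on these lines still shows only a bare address before the new /prefix-length, with no square-bracket form, although the address description later in this patch says IPv6 addresses must be enclosed in brackets. Suggest showing the optional brackets in the synopsis as well, and making clear whether the /prefix-length goes inside or outside the closing bracket.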
@@
-202,8
+202,7
@@
is a comma-separated list of entries of the form:
.PP
(The spaces in the above are optional.)
.PP
.PP
(The spaces in the above are optional.)
.PP
-The leading sign says whether
-matching addresses should be
+The leading sign says whether matching addresses should be
.I accepted
.RB (` + ')
or
.I accepted
.RB (` + ')
or
@@
-219,17
+218,18
@@
Matches all addresses.
Matches the address of one of the machine's network interfaces.
.TP
.I address
Matches the address of one of the machine's network interfaces.
.TP
.I address
-Matches just the given address
+Matches just the given IPv4 or IPv6 address. An
+.I address
+may be enclosed in square brackets; IPv6 addresses must be so enclosed,
+because colons are significant in the rest of the ACL syntax.
.TP
.IB address \- address
Matches any address which falls in the given range. Addresses are
compared lexicographically, with octets to the left given precedence
over octets to the right.
.TP
.TP
.IB address \- address
Matches any address which falls in the given range. Addresses are
compared lexicographically, with octets to the left given precedence
over octets to the right.
.TP
-.IB address / mask
-Matches an address in the given network. The
-.I mask
-may be a netmask in dotted-quad form, or a one-bit-count.
+.IB address / prefix-length
+Matches an address in the given network.
.PP
The port portion may be omitted (which means `match any port'), or may
be a single
.PP
The port portion may be omitted (which means `match any port'), or may
be a single
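Review bot: The replacement for the address/mask entry drops the sentence that allowed a dotted-quad netmask without saying what happens to that form; the new description is only "Matches an address in the given network." Suggest stating that prefix-length is a count of leading one-bits, giving its valid range for each address family, and saying whether existing configurations that use a dotted-quad netmask are still accepted or are now rejected. The unchanged range entry could also say whether both ends of a range must belong to the same family, now that an address may be IPv4 or IPv6.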
@@
-249,7
+249,7
@@
is empty, the default is to deny all addresses.
For example, it may be useful to allow access at least to a DNS server.
This can be accomplished by adding a line
.VS
For example, it may be useful to allow access at least to a DNS server.
This can be accomplished by adding a line
.VS
-realconnect +1.2.3.4:5
2
+realconnect +1.2.3.4:5
3
.VE
to the configuration file, where 1.2.3.4 is the IP address of one of
your DNS server.
.VE
to the configuration file, where 1.2.3.4 is the IP address of one of
your DNS server.
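Review bot: The context line after the corrected example still reads "the IP address of one of your DNS server"; since this paragraph is being touched anyway, change it to "one of your DNS servers". The port correction itself matches the surrounding text, which is about reaching a DNS server.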
@@
-280,9
+280,9
@@
port to himself or a small group.
is implemented as an
.B LD_PRELOAD
hack. It won't work on setuid programs. Also, perhaps more
is implemented as an
.B LD_PRELOAD
hack. It won't work on setuid programs. Also, perhaps more
-importantly, it can't do anything a
+importantly, it can't do anything
to prevent
a
.I malicious
.I malicious
-program use of networking: a program could theoretically issue sockets
+program
's
use of networking: a program could theoretically issue sockets
system calls directly instead of using the C library calls that
.B noip
intercepts. It is intended only as a tool for enhancing the security of
system calls directly instead of using the C library calls that
.B noip
intercepts. It is intended only as a tool for enhancing the security of
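Review bot: In the limitations paragraph, the continuation after the corrected "program's use of networking" still reads "issue sockets system calls directly"; "socket system calls" would read better. The word "theoretically" is also worth dropping, since the same sentence already says noip can't do anything to prevent this, and readers relying on the tool for containment should not take the bypass as merely hypothetical.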
@@
-317,4
+317,4
@@
child processes will be unaffected.
.PP
This manual is surprisingly long and complicated for such a simple hack.
.SH AUTHOR
.PP
This manual is surprisingly long and complicated for such a simple hack.
.SH AUTHOR
-Mark Wooding, <mdw@
nsict.org
>
+Mark Wooding, <mdw@
distorted.org.uk
>