X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/preload-hacks/blobdiff_plain/5b49f527fb6e7287923bfb39e17bae724d4fb591..dc3956b3f2f9b13bbf93df2ed7295407cc90ab86:/noip.1 diff --git a/noip.1 b/noip.1 index c34131b..8ab355f 100644 --- a/noip.1 +++ b/noip.1 @@ -193,7 +193,7 @@ is a comma-separated list of entries of the form: .RB [ \- \c .IR address | \c .BR / \c -.IR mask ]| \c +.IR prefix-length ]| \c .BR local | any .RB [ : \c .IR port [ \c @@ -202,8 +202,7 @@ is a comma-separated list of entries of the form: .PP (The spaces in the above are optional.) .PP -The leading sign says whether -matching addresses should be +The leading sign says whether matching addresses should be .I accepted .RB (` + ') or @@ -219,17 +218,18 @@ Matches all addresses. Matches the address of one of the machine's network interfaces. .TP .I address -Matches just the given address +Matches just the given IPv4 or IPv6 address. An +.I address +may be enclosed in square brackets; IPv6 addresses must be so enclosed, +because colons are significant in the rest of the ACL syntax. .TP .IB address \- address Matches any address which falls in the given range. Addresses are compared lexicographically, with octets to the left given precedence over octets to the right. .TP -.IB address / mask -Matches an address in the given network. The -.I mask -may be a netmask in dotted-quad form, or a one-bit-count. +.IB address / prefix-length +Matches an address in the given network. .PP The port portion may be omitted (which means `match any port'), or may be a single @@ -249,7 +249,7 @@ is empty, the default is to deny all addresses. For example, it may be useful to allow access at least to a DNS server. This can be accomplished by adding a line .VS -realconnect +1.2.3.4:52 +realconnect +1.2.3.4:53 .VE to the configuration file, where 1.2.3.4 is the IP address of one of your DNS server. @@ -280,9 +280,9 @@ port to himself or a small group. is implemented as an .B LD_PRELOAD hack. It won't work on setuid programs. Also, perhaps more -importantly, it can't do anything a +importantly, it can't do anything to prevent a .I malicious -program use of networking: a program could theoretically issue sockets +program's use of networking: a program could theoretically issue sockets system calls directly instead of using the C library calls that .B noip intercepts. It is intended only as a tool for enhancing the security of @@ -317,4 +317,4 @@ child processes will be unaffected. .PP This manual is surprisingly long and complicated for such a simple hack. .SH AUTHOR -Mark Wooding, +Mark Wooding,