X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/preload-hacks/blobdiff_plain/99222954396fb6ad618fea50123c5fa565b78ed6..9111857cc67644ff89749d5919647b38033bb6fd:/noip.1 diff --git a/noip.1 b/noip.1 index 8ab355f..f4598da 100644 --- a/noip.1 +++ b/noip.1 @@ -86,8 +86,8 @@ is set, then the file it names is read instead (assuming it exists; if it doesn't, no configuration is read). .PP The configuration file has a simple line-based format. A line is -ignored if it consists only of whitespace, or if its first whitespace -character is +ignored if it consists only of whitespace, or if its first +non-whitespace character is .RB ` # '. Otherwise, the first whitespace-delimited word is a keyword and the remainder of the line is a value. The following keywords are @@ -123,9 +123,10 @@ variable can also be used to control which ports are assigned automatically. .TP .BI "realbind " acl-entry -Add an entry to the +Add a comma-separated list of entries to the .B realbind -access control list (ACL). When a program attempts to +access control list (ACL). (See below for the format of an ACL entry.) +When a program attempts to .BR bind (2) a socket to an address, the .B realbind @@ -148,9 +149,10 @@ are also put at the end (before the rules), though this may change later. .TP .BI "realconnect " acl-entry -Add an entry to the +Add a comma-separated list of entries to the .B realconnect -access control list (ACL). When a program attempts to +access control list (ACL). (See below for the format of an ACL entry.) +When a program attempts to .BR connect (2) a socket to an address, or to contact another socket using .BR sendto (2) @@ -175,7 +177,7 @@ rules are appended on the end. Currently, the rules in are also put at the end (before the .B _AFTER rules), though this may change later. -.PP +.IP (Aside: An attempt to connect to a remote host may not be a hopeless failure, even if a real IP socket is denied: .B noip @@ -183,22 +185,55 @@ deliberately makes no attempt to check that addresses being bound to sockets correspond to locally available addresses; and besides, sockets can be introduced into the directory by other programs simulating remote servers.) +.TP +.BI "impbind " bind-rule +Add a comma-separated list of entries to the implicit-bind rule list. +When a program attempts to transmit from a socket \(en e.g., with +.BR connect (2), +.BR sendto (2), or +.BR sendmsg (2) +\(en without binding its local address first, +.B noip +consults this list to decide on the correct local address to assign. +Each entry in the list has the form +.RS +.IP +.I address-range +.IR address | \c +.B same +.PP +The rules are tried in order: if the remote address matches (in the same +way as in an ACL entry) the address range on the left side of the rule, +then the socket is bound to the address from the right side; if the +address on the right is +.B same +then the remote address is used. +.PP +Three environment variables +are consulted too: +.BR NOIP_IMPBIND_BEFORE , +.BR NOIP_IMPBIND , +and +.BR NOIP_IMPBIND_AFTER . +The +.B _BEFORE +rules are inserted at the front of the list; the +.B _AFTER +rules are appended on the end. Currently, the rules in +.B NOIP_IMPBIND +are also put at the end (before the +.B _AFTER +rules), though this may change later. +.RE .PP An .I acl-entry is a comma-separated list of entries of the form: .IP .BR + | \- -.IR address \c -.RB [ \- \c -.IR address | \c -.BR / \c -.IR prefix-length ]| \c -.BR local | any +.I address-range .RB [ : \c -.IR port [ \c -.BI \- \c -.IR port ]] +.IR port-range ] .PP (The spaces in the above are optional.) .PP @@ -209,7 +244,9 @@ or .I denied .RB (` \- '). .PP -The IP-address portion may be any of the following +The +.I address-range +portion may be any of the following. .TP .B any Matches all addresses. @@ -231,8 +268,9 @@ over octets to the right. .IB address / prefix-length Matches an address in the given network. .PP -The port portion may be omitted (which means `match any port'), or may -be a single +The +.I port-range +may be omitted (which means `match any port'), or may be a single .I port or a range .IB port \- port