X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/preload-hacks/blobdiff_plain/f6049fdd4722ff4a4a0cfc6498653ce101a7e646..f797ea6d51ddbd9efeb906bdd4ad6783a85850d2:/noip.1 diff --git a/noip.1 b/noip.1 index d11ce7d..dc7e0d3 100644 --- a/noip.1 +++ b/noip.1 @@ -79,10 +79,8 @@ reads configuration from .B .noip in the calling user's home directory, as determined by the .B HOME -environment, or, failing that, looking up the -.I real -(not effective) user id in the password database. However, if the -environment variable +environment, or, failing that, looking up the effective user id in the +password database. However, if the environment variable .B NOIP_CONFIG is set, then the file it names is read instead (assuming it exists; if it doesn't, no configuration is read). @@ -195,7 +193,7 @@ is a comma-separated list of entries of the form: .RB [ \- \c .IR address | \c .BR / \c -.IR mask ]| \c +.IR prefix-length ]| \c .BR local | any .RB [ : \c .IR port [ \c @@ -221,17 +219,18 @@ Matches all addresses. Matches the address of one of the machine's network interfaces. .TP .I address -Matches just the given address +Matches just the given IPv4 or IPv6 address. An +.I address +may be enclosed in square brackets; IPv6 addresses must be so enclosed, +because colons are significant in the rest of the ACL syntax. .TP .IB address \- address Matches any address which falls in the given range. Addresses are compared lexicographically, with octets to the left given precedence over octets to the right. .TP -.IB address / mask -Matches an address in the given network. The -.I mask -may be a netmask in dotted-quad form, or a one-bit-count. +.IB address / prefix-length +Matches an address in the given network. .PP The port portion may be omitted (which means `match any port'), or may be a single @@ -251,7 +250,7 @@ is empty, the default is to deny all addresses. For example, it may be useful to allow access at least to a DNS server. This can be accomplished by adding a line .VS -realconnect +1.2.3.4:52 +realconnect +1.2.3.4:53 .VE to the configuration file, where 1.2.3.4 is the IP address of one of your DNS server. @@ -282,9 +281,9 @@ port to himself or a small group. is implemented as an .B LD_PRELOAD hack. It won't work on setuid programs. Also, perhaps more -importantly, it can't do anything a +importantly, it can't do anything to prevent a .I malicious -program use of networking: a program could theoretically issue sockets +program's use of networking: a program could theoretically issue sockets system calls directly instead of using the C library calls that .B noip intercepts. It is intended only as a tool for enhancing the security of @@ -319,4 +318,4 @@ child processes will be unaffected. .PP This manual is surprisingly long and complicated for such a simple hack. .SH AUTHOR -Mark Wooding, +Mark Wooding,