diff options
| author |   schwarze <schwarze@openbsd.org> | 2018-04-26 13:31:46 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2018-04-26 13:31:46 +0000 |
| commit | aaeb7f20e2a761073dd2a75842359faee5df1103 (patch) | |
| tree | fad258195c345c9872c91ca47b9d4dd242085d2d | |
| parent | adjust to removed support for /etc/networks (diff) | |
| download | wireguard-openbsd-aaeb7f20e2a761073dd2a75842359faee5df1103.tar.xz wireguard-openbsd-aaeb7f20e2a761073dd2a75842359faee5df1103.zip | |
Minimal macro cleanup.
The way the content is presented is still atrocious,
but i'm not cleaning that up right now.
| -rw-r--r-- | usr.sbin/ypserv/ypserv/ypserv.acl.5 | 53 |
1 files changed, 18 insertions, 35 deletions
diff --git a/usr.sbin/ypserv/ypserv/ypserv.acl.5 b/usr.sbin/ypserv/ypserv/ypserv.acl.5 index 7a5321d0dba..2a3e50a4713 100644 --- a/usr.sbin/ypserv/ypserv/ypserv.acl.5 +++ b/usr.sbin/ypserv/ypserv/ypserv.acl.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ypserv.acl.5,v 1.24 2018/04/26 13:11:09 schwarze Exp $ +.\" $OpenBSD: ypserv.acl.5,v 1.25 2018/04/26 13:31:46 schwarze Exp $ .\" .\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se> .\" All rights reserved. @@ -29,90 +29,73 @@ .Os .Sh NAME .Nm ypserv.acl -.Nd ypserv(8) configuration file +.Nd ypserv(8) access control configuration .Sh DESCRIPTION The .Nm file controls which hosts can connect to the -.Nm YP +.Xr yp 8 server. .Pp The format is more complex than the format for .Xr securenet 5 . The first two words on each line controls if the line will -.Nm allow +.Ic allow or -.Nm deny +.Ic deny access for a -.Nm host , +.Cm host , network -.Nm (net) +.Pq Cm net , or -.Nm all +.Cm all hosts. .Pp -The -.Nm YP +The YP server reads the configuration file and builds a list in memory. This list is processed from the beginning for every incoming request. As soon as a match is found in the list the search terminates and it returns success or failure depending on which of -.Nm allow +.Ic allow or -.Nm deny +.Ic deny was specified. If no match was found in the list success is returned. .Pp If access is denied every call will cause a -.Nm no such domain +.Dq no such domain error for the caller. .Pp Normally both the local hostname and localhost must be allowed access. Otherwise -.Nm ypserv +.Xr ypserv 8 might not work correctly. .Pp There is no default name for this file. Start -.Nm ypserv +.Xr ypserv 8 with .Fl a Ar filename to read a file with this format. .Pp The following syntax may be used: .Pp -< -.Ic allow|deny -> -.Ic host -< -.Ic hostname|ip-address -> +.D1 Ic allow Ns | Ns Ic deny Cm host Ar hostname Ns | Ns Ar ip-address .Pp If .Ic hostname has more than one IP address, they will all be added to the list. .Pp -< -.Ic allow|deny -> -.Ic net -< -.Ic netnumber -> -.Op Ic netmask <netnumber> +.D1 Ic allow Ns | Ns Ic deny Cm net Ar netnumber Op Cm netmask Ar netnumber .Pp If the -.Ic netmask +.Cm netmask part of the command isn't given then the netmask will be assumed to be a class A, B or C net depending on the net number. .Pp -< -.Ic allow|deny -> -.Ic all +.D1 Ic allow Ns | Ns Ic deny Cm all .Pp A line containing one of these commands will always match any host. .Sh FILES |