|
|
The access control language implements the following patterns:
- A string that begins with a `.' character. A host name is matched if the last components of its name match the
specified pattern. For example, the pattern `.tue.nl' matches the host name `wzv.win.tue.nl'.
- A string that ends with a `.' character. A host address is matched if its first numeric fields match the given
string. For example, the pattern `131.155.' matches the address of (almost) every host on the Eindhoven Univer-
sity network (131.155.x.x).
- A string that begins with an `@' character is treated as an NIS (formerly YP) netgroup name. A host name is
matched if it is a host member of the specified netgroup. Netgroup matches are not supported for daemon process
names or for client user names.
- An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a `net/mask' pair. An IPv4 host address is matched
if `net' is equal to the bitwise AND of the address and the `mask'. For example, the net/mask pattern
`131.155.72.0/255.255.254.0' matches every address in the range `131.155.72.0' through `131.155.73.255'.
- An expression of the form `[n:n:n:n:n:n:n:n]/m' is interpreted as a `[net]/prefixlen' pair. An IPv6 host address
is matched if `prefixlen' bits of `net' is equal to the `prefixlen' bits of the address. For example, the
[net]/prefixlen pattern `[3ffe:505:2:1::]/64' matches every address in the range `3ffe:505:2:1::' through
`3ffe:505:2:1:ffff:ffff:ffff:ffff'.
- A string that begins with a `/' character is treated as a file name. A host name or address is matched if it
matches any host name or address pattern listed in the named file. The file format is zero or more lines with
zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a
host name or address pattern can be used.
- Wildcards `*' and `?' can be used to match hostnames or IP addresses. This method of matching cannot be used in
conjunction with `net/mask' matching, hostname matching beginning with `.' or IP address matching ending with
`.'.
Now for some wildcards:
- ALL The universal wildcard, always matches.
- LOCAL Matches any host whose name does not contain a dot character.
- UNKNOWN
Matches any user whose name is unknown, and matches any host whose name or address are unknown. This pattern
should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.
- KNOWN Matches any user whose name is known, and matches any host whose name and address are known. This pattern should
be used with care: host names may be unavailable due to temporary name server problems. A network address will
be unavailable when the software cannot figure out what type of network it is talking to.
- PARANOID
Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it
drops requests from such clients even before looking at the access control tables. Build without -DPARANOID
when you want more control over such requests.
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 4.5
Votes: 2
|
|
|
