ypserv.acl - ypserv(8) configuration file
The ypserv.acl file controls which hosts can connect to the
YP server.
The format is more complex than the format for securenet(5).
The first
two words on each line controls if the line will allow or
deny access for
a host, network (net) or all hosts.
The YP server reads the configuration file and builds a list
in memory.
This list is processed from the beginning for every incoming
request. As
soon as a match is found in the list the search terminates
and it returns
success or failure depending on which of allow or deny was
specified. If
no match was found in the list success is returned.
If access is denied every call will cause a no such domain
error for the
caller.
Normally both the local hostname and localhost must be allowed access.
Otherwise ypserv might not work correctly.
There is no default name for this file. Start ypserv with
-a filename to
read a file with this format.
The following syntax may be used:
< allow|deny > host < hostname|ip-address >
If hostname has more than one IP address, they will all be
added to the
list.
< allow|deny > net < netname|netnumber > [netmask
<netname|netnumber>]
If the netmask part of the command isn't given then the netmask will be
assumed to be a class A, B or C net depending on the net
number.
< allow|deny > all
A line containing one of these commands will always match
any host.
/var/yp/ypserv.acl a ypserv(8) configuration file
A configuration file might look like the following:
# This is an example of an access control file to be used by
ypserv.
#
# This file is parsed line by line. First match will terminate the check
# of the caller.
#
###########################################################################
# This is the commands that will match a single host
#
# allow host <hostname|ip-address>
# deny host <hostname|ip-address>
#
# To process hostname gethostbyname is called. If the hostname has
# multiple ip-addresses all will be added (I hope). ip-address
# processed by inet_aton.
allow host localhost
allow host myypserver
deny host jodie
###########################################################################
# This is the commands that will match a network
#
# allow net <netname|netnumber> [netmask <netname|netnumber>]
# deny net <netname|netnumber> [netmask <netname|netnumber>]
#
# To process netname getnetbyname is called, and inet_aton
is used for
# netnumber. inet_aton both access numbers as 255.255.255.0
and 0xffffff00.
#
# If netmask isn't given the parser will assume netmask from
the first bits
# of the network number. So if the network is subneted the
you have to add
# the netmask. In my case I've got the network 139.58.253.0
at home so to
# allow any of my computers to talk with the server I need
the following
# line
#
allow net mojathome netmask 255.255.255.0
###########################################################################
# At last we have a command that will match any caller:
#
# allow all
# deny all
#
# reject all connections
deny all
securenet(5), yp(8), ypserv(8)
Mats O Jansson <[email protected]>
OpenBSD 3.6 July 2, 1994
[ Back ] | 