YPSERV.ACL(5)		  FreeBSD File Formats Manual		 YPSERV.ACL(5)

NAME
     ypserv.acl	-- ypserv(8) access control configuration

DESCRIPTION
     The ypserv.acl file controls which	hosts can connect to the yp(8) server.

     The format is more complex than the format for securenet(5).  The first
     two words on each line control whether the line will allow or deny access
     for a host, network (net), or all hosts.

     The YP server reads the configuration file	and builds a list in memory.
     This list is processed from the beginning for every incoming request.  As
     soon as a match is	found in the list the search terminates	and it returns
     success or	failure	depending on which of allow or deny was	specified.  If
     no	match was found	in the list, success is	returned.

     If	access is denied every call will cause a "no such domain" error	for
     the caller.

     Normally both the local hostname and localhost must be allowed access.
     Otherwise ypserv(8) might not work	correctly.

     There is no default name for this file.  Start ypserv(8) with -a filename
     to	read a file with this format.

     The following syntax may be used:

	   allow|deny host hostname|ip-address

     If	hostname has more than one IP address, they will all be	added to the
     list.

	   allow|deny net netnumber [netmask netnumber]

     If	the netmask part of the	command	isn't given then the netmask will be
     assumed to	be a class A, B	or C net depending on the net number.

	   allow|deny all

     A line containing one of these commands will always match any host.

FILES
     /var/yp/ypserv.acl	 a ypserv(8) configuration file

EXAMPLES
     A configuration file might	look like the following:

     # This is an example of an	access control file to be used by ypserv.
     #
     # This file is parsed line	by line. First match will terminate the	check
     # of the caller.
     #

     ###########################################################################
     # These are the commands that will match a single host
     #
     #	     allow host	<hostname|ip-address>
     #	     deny host <hostname|ip-address>
     #
     # To process hostname, gethostbyname is called. If the hostname has
     # multiple ip-addresses all will be added (I hope). ip-address is
     # processed by inet_aton.
     allow host	localhost
     allow host	myypserver
     deny host jodie

     ###########################################################################
     # These are the commands that will match a network
     #
     #	     allow net <netnumber> [netmask <netnumber>]
     #	     deny net <netnumber> [netmask <netnumber>]
     #
     # inet_aton is used for netnumber.
     # inet_aton accepts numbers both as 255.255.255.0 and 0xffffff00.
     #
     # If netmask isn't given the parser will assume netmask from the first bits
     # of the network number. So if the network is subnetted then you have to add
     # the netmask. In my case I've got the network 139.58.253.0 at home so to
     # allow any of my computers to talk with the server I need the following
     # line
     #
     allow net 139.58.253.0 netmask 255.255.255.0

     ###########################################################################
     # At last we have a command that will match any caller:
     #
     #	     allow all
     #	     deny all
     #

     # reject all connections
     deny all
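
     The following is an added example, not part of the original manual page
     and not ypserv(8) source code: a small Python model of the matching
     rules described above (first match wins, no match returns success, an
     omitted netmask is inferred from the address class).  The HOSTS table
     and the addresses given for myypserver and jodie are constructed
     stand-ins for gethostbyname results.

```python
import socket

# Constructed name table standing in for gethostbyname, so this runs offline.
HOSTS = {"localhost": ["127.0.0.1"], "myypserver": ["139.58.253.1"],
         "jodie": ["139.58.253.7"]}

# The rules from the EXAMPLES section above, with the comments stripped.
SAMPLE = """\
allow host localhost
allow host myypserver
deny host jodie
allow net 139.58.253.0 netmask 255.255.255.0
deny all
"""

def to_int(addr):
    return int.from_bytes(socket.inet_aton(addr), "big")

def classful_mask(net):
    """Mask assumed when 'netmask' is omitted: class A, B or C by first octet."""
    first = net >> 24
    return 0xFF000000 if first < 128 else 0xFFFF0000 if first < 192 else 0xFFFFFF00

def parse_acl(text, hosts=HOSTS):
    """Build the in-memory list as (allow, network, mask) tuples, in file order."""
    rules = []
    for line in text.splitlines():
        w = line.split("#", 1)[0].split()
        if not w:
            continue
        if len(w) < 2 or w[0] not in ("allow", "deny"):
            raise ValueError("bad line: " + line)
        allow = w[0] == "allow"
        if w[1] == "all" and len(w) == 2:
            rules.append((allow, 0, 0))             # mask 0 matches every caller
        elif w[1] == "host" and len(w) == 3:
            for ip in hosts.get(w[2], [w[2]]):      # every address of the name
                rules.append((allow, to_int(ip), 0xFFFFFFFF))
        elif w[1] == "net" and (len(w) == 3 or (len(w) == 5 and w[3] == "netmask")):
            net = to_int(w[2])
            mask = to_int(w[4]) if len(w) == 5 else classful_mask(net)
            rules.append((allow, net & mask, mask))
        else:
            raise ValueError("bad line: " + line)
    return rules

def check(rules, caller):
    """First match decides; falling off the end of the list returns success."""
    ip = to_int(caller)
    return next((allow for allow, net, mask in rules if ip & mask == net), True)
```

     Running check() against a file with no trailing "deny all" shows that
     an unlisted caller is accepted, and dropping the netmask from the
     139.58.253.0 line widens the rule to the whole class B network.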

SEE ALSO
     securenet(5), yp(8), ypserv(8)

AUTHORS
     Mats O Jansson <moj@stacken.kth.se>

FreeBSD	13.0		       November	1, 2020			  FreeBSD 13.0
