spell-gate New usr/src/man/man4/securenets.4

   1 '\" te
   2 .\" Copyright (C) 2000, Sun Microsystems,
   3 .\" Inc. All Rights Reserved
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH SECURENETS 4 "May 16, 2020"
   8 .SH NAME
   9 securenets \- configuration file for NIS security
  10 .SH SYNOPSIS
  11 .nf
  12 \fB/var/yp/securenets\fR
  13 .fi
  14 
  15 .SH DESCRIPTION
  16 The  \fB/var/yp/securenets\fR file defines the networks or hosts which are
  17 allowed access to information by the Network Information Service ("\fBNIS\fR").
  18 .sp
  19 .LP
  20 The format of the file is as follows:
  21 .RS +4
  22 .TP
  23 .ie t \(bu
  24 .el o
  25 Lines beginning with the ``#'' character are treated as comments.
  26 .RE
  27 .RS +4
  28 .TP
  29 .ie t \(bu
  30 .el o
  31 Otherwise, each line contains two fields separated by white space.  The first
  32 field is a netmask, the second a network.
  33 .RE
  34 .RS +4
  35 .TP
  36 .ie t \(bu
  37 .el o
  38 The netmask field may be either \fB255.255.255.255\fR (IPv4),
  39 \fBffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff\fR (IPv6) , or the string ``host''
  40 indicating that the second field is a specific host to be allowed access.
  41 .RE
  42 .sp
  43 .LP
  44 Both \fBypserv\fR(1M) and \fBypxfrd\fR(1M) use the \fB/var/yp/securenets\fR
  45 file.  The file is read when the  \fBypserv\fR(1M) and \fBypxfrd\fR(1M) daemons
  46 begin. If \fB/var/yp/securenets\fR is present, \fBypserv\fR(1M) and
  47 \fBypxfrd\fR(1M) respond only to \fBIP\fR addresses in the range given. In
  48 order for a change in the \fB/var/yp/securenets\fR file to take effect, you
  49 must kill and restart any active daemons using \fBypstop\fR(1M) and
  50 \fBypstart\fR(1M).
  51 .sp
  52 .LP
  53 An important thing to note for all the examples below is that the server must
  54 be allowed to access itself. You accomplish this either by the server being
  55 part of a subnet that is allowed to access the server, or by adding an
  56 individual entry, as the following:
  57 .sp
  58 .in +2
  59 .nf
  60 hosts 127.0.0.1
  61 .fi
  62 .in -2
  63 .sp
  64 
  65 .SH EXAMPLES
  66 \fBExample 1 \fRAccess for Individual Entries
  67 .sp
  68 .LP
  69 If individual machines are to be give access, the entry could be:
  70 
  71 .sp
  72 .in +2
  73 .nf
  74 255.255.255.255 192.9.1.20
  75 .fi
  76 .in -2
  77 .sp
  78 
  79 .sp
  80 .LP
  81 or
  82 
  83 .sp
  84 .in +2
  85 .nf
  86 host    192.0.1.20
  87 .fi
  88 .in -2
  89 .sp
  90 
  91 .LP
  92 \fBExample 2 \fRAccess for a Class C Network
  93 .sp
  94 .LP
  95 If access is to be given to an entire class C network, the entry could be:
  96 
  97 .sp
  98 .in +2
  99 .nf
 100 255.255.255.0   192.9.1.0
 101 .fi
 102 .in -2
 103 .sp
 104 
 105 .LP
 106 \fBExample 3 \fRAccess for a Class B Network
 107 .sp
 108 .LP
 109 The entry for access to a class B network could be:
 110 
 111 .sp
 112 .in +2
 113 .nf
 114 255.255.0.0     9.9.0.0
 115 .fi
 116 .in -2
 117 .sp
 118 
 119 .LP
 120 \fBExample 4 \fRAccess for an Individual IPv6 Address
 121 .sp
 122 .LP
 123 Similarly, to allow access for an individual IPv6 address:
 124 
 125 .sp
 126 .in +2
 127 .nf
 128 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff  fec0::111:abba:ace0:fba5e:1
 129 .fi
 130 .in -2
 131 .sp
 132 
 133 .sp
 134 .LP
 135 or
 136 
 137 .sp
 138 .in +2
 139 .nf
 140 host  fec0::111:abba:ace0:fba5e:1
 141 .fi
 142 .in -2
 143 .sp
 144 
 145 .LP
 146 \fBExample 5 \fRAccess for all IPv6 Addresses Starting with fe80
 147 .sp
 148 .LP
 149 To allow access for all IPv6 addresses starting with fe80:
 150 
 151 .sp
 152 .in +2
 153 .nf
 154 ffff::  fe80::
 155 .fi
 156 .in -2
 157 .sp
 158 
 159 .SH FILES
 160 .ne 2
 161 .na
 162 \fB\fB/var/yp/securenets\fR\fR
 163 .ad
 164 .RS 22n
 165 Configuration file for \fBNIS\fR security.
 166 .RE
 167 
 168 .SH SEE ALSO
 169 \fBypserv\fR(1M), \fBypstart\fR(1M), \fBypstop\fR(1M), \fBypxfrd\fR(1M)
 170 .SH NOTES
 171 The Network Information Service (NIS) was formerly known as Sun Yellow Pages
 172 (YP).  The functionality of the two remains the same; only the name has
 173 changed. The name Yellow Pages is a registered trademark in the United Kingdom
 174 of British Telecommunications plc, and may not be used without permission.