X-Git-Url: https://git.distorted.org.uk/~mdw/preload-hacks/blobdiff_plain/5b49f527fb6e7287923bfb39e17bae724d4fb591..eb16e33c0fca3058b3fe3ea40653dc7c4a99ce4f:/noip.1?ds=sidebyside diff --git a/noip.1 b/noip.1 index c34131b..dc7e0d3 100644 --- a/noip.1 +++ b/noip.1 @@ -193,7 +193,7 @@ is a comma-separated list of entries of the form: .RB [ \- \c .IR address | \c .BR / \c -.IR mask ]| \c +.IR prefix-length ]| \c .BR local | any .RB [ : \c .IR port [ \c @@ -219,17 +219,18 @@ Matches all addresses. Matches the address of one of the machine's network interfaces. .TP .I address -Matches just the given address +Matches just the given IPv4 or IPv6 address. An +.I address +may be enclosed in square brackets; IPv6 addresses must be so enclosed, +because colons are significant in the rest of the ACL syntax. .TP .IB address \- address Matches any address which falls in the given range. Addresses are compared lexicographically, with octets to the left given precedence over octets to the right. .TP -.IB address / mask -Matches an address in the given network. The -.I mask -may be a netmask in dotted-quad form, or a one-bit-count. +.IB address / prefix-length +Matches an address in the given network. .PP The port portion may be omitted (which means `match any port'), or may be a single @@ -249,7 +250,7 @@ is empty, the default is to deny all addresses. For example, it may be useful to allow access at least to a DNS server. This can be accomplished by adding a line .VS -realconnect +1.2.3.4:52 +realconnect +1.2.3.4:53 .VE to the configuration file, where 1.2.3.4 is the IP address of one of your DNS server. 
@@ -280,9 +281,9 @@ port to himself or a small group. is implemented as an .B LD_PRELOAD hack. It won't work on setuid programs. Also, perhaps more -importantly, it can't do anything a +importantly, it can't do anything to prevent a .I malicious -program use of networking: a program could theoretically issue sockets +program's use of networking: a program could theoretically issue sockets system calls directly instead of using the C library calls that .B noip intercepts. It is intended only as a tool for enhancing the security of @@ -317,4 +318,4 @@ child processes will be unaffected. .PP This manual is surprisingly long and complicated for such a simple hack. .SH AUTHOR -Mark Wooding, +Mark Wooding,
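Review bot: The new `address / prefix-length` entry in the `@@ -219,17 +219,18 @@` hunk no longer says what a prefix-length is. The removed text documented two accepted forms ("a netmask in dotted-quad form, or a one-bit-count"). The replacement, "Matches an address in the given network.", says neither that the value is a count of leading bits nor whether a dotted-quad netmask in an existing ACL is still accepted. Please add a sentence defining prefix-length, and state explicitly if the netmask form has been dropped, because that changes how existing configuration lines are read. In the same hunk the range entry keeps its "octets to the left given precedence" wording unchanged. Now that `address` can be IPv6, it should say whether both ends of a range need square brackets and whether they must be of the same address family.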
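Review bot: In the `@@ -249,7 +250,7 @@` hunk the context line following the corrected example still reads "one of your DNS server"; it should be "one of your DNS servers", and is worth fixing while this paragraph is being touched. Since the patch also introduces bracketed IPv6 addresses, a second example line with a bracketed address followed by `:53` would show readers how the port separator is told apart from the colons inside the address.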
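Review bot: In the `@@ -280,9 +281,9 @@` hunk the reworded sentence still contains "issue sockets system calls", which reads as a typo; "make socket system calls directly" would be clearer. Consider also dropping "theoretically": the sentence has just said that noip cannot prevent a malicious program's use of networking, and the hedge weakens a limitation that readers relying on this as a control need to see stated plainly.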