X-Git-Url: https://git.distorted.org.uk/~mdw/preload-hacks/blobdiff_plain/9314b85a0abede2464bc7301cc0de4f57bb3005b..2f2b91d93424c015ab0ccf67be6bcb21d303616e:/noip.1?ds=inline diff --git a/noip.1 b/noip.1 index 2d1beef..6600b9d 100644 --- a/noip.1 +++ b/noip.1 @@ -86,8 +86,8 @@ is set, then the file it names is read instead (assuming it exists; if it doesn't, no configuration is read). .PP The configuration file has a simple line-based format. A line is -ignored if it consists only of whitespace, or if its first whitespace -character is +ignored if it consists only of whitespace, or if its first +non-whitespace character is .RB ` # '. Otherwise, the first whitespace-delimited word is a keyword and the remainder of the line is a value. The following keywords are @@ -175,7 +175,7 @@ rules are appended on the end. Currently, the rules in are also put at the end (before the .B _AFTER rules), though this may change later. -.PP +.IP (Aside: An attempt to connect to a remote host may not be a hopeless failure, even if a real IP socket is denied: .B noip @@ -183,34 +183,65 @@ deliberately makes no attempt to check that addresses being bound to sockets correspond to locally available addresses; and besides, sockets can be introduced into the directory by other programs simulating remote servers.) +.TP +.BI "impbind " bind-rule +Add an entry to the implicit-bind rule list. When a program attempts to +.BR connect (2) +a socket without binding its local address first, +.B noip +consults this list to decide on the correct local address to assign. +Each entry in the list has the form +.RS +.IP +.I address-range +.IR address | \c +.B same +.PP +The rules are tried in order: if the remote address matches (in the same +way as in an ACL entry) the address range on the left side of the rule, +then the socket is bound to the address from the right side; if the +address on the right is +.B same +then the remote address is used. +.PP +Three environment variables +are consulted too: +.BR NOIP_IMPBIND_BEFORE , +.BR NOIP_IMPBIND , +and +.BR NOIP_IMPBIND_AFTER . +The +.B _BEFORE +rules are inserted at the front of the list; the +.B _AFTER +rules are appended on the end. Currently, the rules in +.B NOIP_IMPBIND +are also put at the end (before the +.B _AFTER +rules), though this may change later. +.RE .PP An .I acl-entry is a comma-separated list of entries of the form: .IP .BR + | \- -.IR address \c -.RB [ \- \c -.IR address | \c -.BR / \c -.IR prefix-length ]| \c -.BR local | any +.I address-range .RB [ : \c -.IR port [ \c -.BI \- \c -.IR port ]] +.IR port-range ] .PP (The spaces in the above are optional.) .PP -The leading sign says whether -matching addresses should be +The leading sign says whether matching addresses should be .I accepted .RB (` + ') or .I denied .RB (` \- '). .PP -The IP-address portion may be any of the following +The +.I address-range +portion may be any of the following. .TP .B any Matches all addresses. @@ -219,9 +250,10 @@ Matches all addresses. Matches the address of one of the machine's network interfaces. .TP .I address -Matches just the given address. An +Matches just the given IPv4 or IPv6 address. An .I address -may be enclosed in square brackets. +may be enclosed in square brackets; IPv6 addresses must be so enclosed, +because colons are significant in the rest of the ACL syntax. .TP .IB address \- address Matches any address which falls in the given range. Addresses are @@ -231,8 +263,9 @@ over octets to the right. .IB address / prefix-length Matches an address in the given network. .PP -The port portion may be omitted (which means `match any port'), or may -be a single +The +.I port-range +may be omitted (which means `match any port'), or may be a single .I port or a range .IB port \- port