GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
tcprules(1) FreeBSD General Commands Manual tcprules(1)

tcprules - compiles rules for tcpserver(1).

tcprules cdb tmp

tcpserver(1) optionally follows rules to decide whether a TCP connection is acceptable. For example, the rule
18.23.0.32:deny

prohibits connections from IP address 18.23.0.32.

tcprules reads rules from its standard input and writes them into cdb in a binary format suited for quick access by tcpserver(1).

tcprules can be used while tcpserver(1) is running. It ensures that cdb is updated atomically. It does this by first writing the rules to tmp and then moving tmp on top of cdb. If tmp already exists, it is destroyed. The directories containing cdb and tmp must be writable to tcprules; they must also be on the same filesystem.

If there is a problem with the input or with tmp, tcprules complains and leaves cdb alone.

The binary cdb format is portable across machines.

A rule is one line. A file containing rules may also contain comments: lines beginning with # are ignored.

Each rule contains an address, a colon, and a list of instructions, with no extra spaces. When tcpserver(1) receives a connection from that address, it follows the instructions.

tcpserver(1) looks for rules with various addresses:
1.
$TCPREMOTEINFO@$TCPREMOTEIP, if $TCPREMOTEINFO is set;
2.
$TCPREMOTEINFO@=$TCPREMOTEHOST, if $TCPREMOTEINFO is set and $TCPREMOTEHOST is set;
3.
$TCPREMOTEIP;
4.
=$TCPREMOTEHOST, if $TCPREMOTEHOST is set;
5.
shorter and shorter prefixes of $TCPREMOTEIP ending with a dot;
6.
shorter and shorter suffixes of $TCPREMOTEHOST starting with a dot, preceded by =, if $TCPREMOTEHOST is set;
7.
=, if $TCPREMOTEHOST is set; and finally
8.
the empty string.

tcpserver(1) uses the first rule it finds. You should use the -p option to tcpserver(1) if you rely on $TCPREMOTEHOST here.

For example, here are some rules:

joe@127.0.0.1:first 18.23.0.32:second :third 127.:fourth

If $TCPREMOTEIP is 10.119.75.38, tcpserver(1) will follow the third instructions.

If $TCPREMOTEIP is 18.23.0.32, tcpserver(1) will follow the second instructions.

If $TCPREMOTEIP is 127.0.0.1 and $TCPREMOTEINFO is bill, tcpserver(1) will follow the fourth instructions.

If $TCPREMOTEIP is 127.0.0.1 and $TCPREMOTEINFO is joe, tcpserver(1) will follow the first instructions.

You can use tcprulescheck(1) to see how tcpserver will interpret rules in cdb.

tcprules treats 1.2.3.37-53:ins as an abbreviation for the rules 1.2.3.37:ins, 1.2.3.38:ins, and so on up through 1.2.3.53:ins. Similarly, 10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins.

The instructions in a rule must begin with either allow or deny. deny tells tcpserver(1) to drop the connection without running anything. For example, the rule
:deny

tells tcpserver(1) to drop all connections that aren't handled by more specific rules.

The instructions may continue with some environment variables, in the form var="x". tcpserver(1) adds an environment variable $var with value x. For example,

10.0.:allow,RELAYCLIENT="@fix.me"

adds an environment variable $RELAYCLIENT with value @fix.me. The quotes may be replaced by any repeated character:

10.0.:allow,RELAYCLIENT=/@fix.me/

Any number of variables may be listed:

127.0.0.1:allow,RELAYCLIENT="",TCPLOCALHOST="movie.edu"

tcpserver(1), tcprulescheck(1), argv0(1), fixcrio(1), recordio(1), rblsmtpd(1), tcpclient(1), who@(1), date@(1), finger@(1), http@(1), tcpcat(1), mconnect(1), tcp-environ(5)

http://cr.yp.to/ucspi-tcp.html

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.