Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   22533 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

tcprules(1)							   tcprules(1)

NAME
       tcprules - compile rules for tcpserver

SYNOPSIS
       tcprules rules.cdb rules.tmp

OVERVIEW
       tcpserver  optionally  follows rules to decide whether a TCP connection
       is acceptable.  For example, a rule of

	  18.23.0.32:deny

       prohibits connections from IP address 18.23.0.32.

       tcprules reads rules from its  standard	input  and  writes  them  into
       rules.cdb in a binary format suited for quick access by tcpserver.

       tcprules	 can  be  used	while  tcpserver  is  running: it ensures that
       rules.cdb is updated atomically.	 It does this  by  first  writing  the
       rules  to  rules.tmp and then moving rules.tmp on top of rules.cdb.  If
       rules.tmp already exists, it is destroyed.  The directories  containing
       rules.cdb and rules.tmp must be writable to tcprules; they must also be
       on the same filesystem.

       If there is a problem with the input,  tcprules	complains  and	leaves
       rules.cdb alone.

       The binary rules.cdb format is portable across machines.

RULE FORMAT
       A  rule	takes  up  one line.  A file containing rules may also contain
       comments: lines beginning with # are ignored.

       Each rule contains an address, a colon, and  a  list  of	 instructions,
       with  no	 extra spaces.	When tcpserver receives a connection from that
       address, it follows the instructions.

ADDRESSES
       tcpserver  starts  by  looking  for  a  rule  with  address  TCPREMOTE‐
       INFO@TCPREMOTEIP.   If  it doesn't find one, or if TCPREMOTEINFO is not
       set, it tries the address TCPREMOTEIP.  If that doesn't work, it	 tries
       shorter and shorter prefixes of TCPREMOTEIP ending with a dot.  If none
       of them work, it tries the empty string.

       For example, here are some rules:

	  joe@127.0.0.1:first
	  18.23.0.32:second
	  127.:third
	  :fourth
	  ::1:fifth

       If TCPREMOTEIP  is  10.119.75.38,  tcpserver  will  follow  the	fourth
       instructions.

       If  TCPREMOTEIP	is  ::1, tcpserver will follow the fifth instructions.
       Note that you cannot detect IPv4 mapped addresses by matching "::ffff",
       as  those  addresses  will  be  converted to IPv4 before looking at the
       rules.

       If TCPREMOTEIP is 18.23.0.32, tcpserver will follow the second instruc‐
       tions.

       If  TCPREMOTEINFO  is bill and TCPREMOTEIP is 127.0.0.1, tcpserver will
       follow the third instructions.

       If TCPREMOTEINFO is joe and TCPREMOTEIP is  127.0.0.1,  tcpserver  will
       follow the first instructions.

ADDRESS RANGES
       tcprules	 treats	 1.2.3.37-53:ins  as  an  abbreviation	for  the rules
       1.2.3.37:ins, 1.2.3.38:ins, and so on up through	 1.2.3.53:ins.	 Simi‐
       larly, 10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins.

INSTRUCTIONS
       The  instructions in a rule must begin with either allow or deny.  deny
       tells tcpserver to drop the connection without running  anything.   For
       example, the rule

	  :deny

       tells  tcpserver	 to  drop  all connections that aren't handled by more
       specific rules.

       The instructions may continue with some environment variables,  in  the
       format  ,VAR="VALUE".  tcpserver adds VAR=VALUE to the current environ‐
       ment.  For example,

	  10.0.:allow,RELAYCLIENT="@fix.me"

       adds RELAYCLIENT=@fix.me to the environment.  The quotes	 here  may  be
       replaced by any repeated character:

	  10.0.:allow,RELAYCLIENT=/@fix.me/

       Any number of variables may be listed:

	  127.0.0.1:allow,RELAYCLIENT="",TCPLOCALHOST="movie.edu"

SEE ALSO
       tcprulescheck(1), tcpserver(1), tcp-environ(5)

								   tcprules(1)

Vote for polarhome