summaryrefslogtreecommitdiff
path: root/lib/libwrap/hosts_access.5
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2004-02-19 22:25:39 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2004-02-19 22:25:39 +0000
commit4107b37106c62669d025bed1f2f3962213c54317 (patch)
tree00b036c361e38b7846f65503328844503d0a013b /lib/libwrap/hosts_access.5
parent06ec923df520fbf7e875ad8175897e5fbf3ae208 (diff)
new sentence, new line;
Diffstat (limited to 'lib/libwrap/hosts_access.5')
-rw-r--r--lib/libwrap/hosts_access.517
1 files changed, 10 insertions, 7 deletions
diff --git a/lib/libwrap/hosts_access.5 b/lib/libwrap/hosts_access.5
index 489f1c955da..5aec38b9276 100644
--- a/lib/libwrap/hosts_access.5
+++ b/lib/libwrap/hosts_access.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hosts_access.5,v 1.22 2004/02/19 22:20:05 jmc Exp $
+.\" $OpenBSD: hosts_access.5,v 1.23 2004/02/19 22:25:38 jmc Exp $
.\"
.\" Copyright (c) 1997, Jason Downs. All rights reserved.
.\"
@@ -123,7 +123,8 @@ The access control language implements the following patterns:
.It
A string that begins with a
.Sq \&.
-character. A host name is matched if
+character.
+A host name is matched if
the last components of its name match the specified pattern.
For example, the pattern
.Sq .tue.nl
@@ -150,7 +151,8 @@ An expression of the form
.Sq n.n.n.n/m.m.m.m
is interpreted as a
.Sq net/mask
-pair. A host address is matched if
+pair.
+A host address is matched if
.Sq net
is equal to the bitwise AND of the address and the
.Sq mask .
@@ -341,8 +343,8 @@ The default timeout for username lookups is 10 seconds: too short to cope
with slow networks, but long enough to irritate PC users.
.El
.Pp
-Selective username lookups can alleviate the last problem. For example,
-a rule like:
+Selective username lookups can alleviate the last problem.
+For example, a rule like:
.Pp
.Dl daemon_list\ \&: @pcnetgroup ALL@ALL
.Pp
@@ -468,8 +470,9 @@ for infinite finger loops.
.Pp
On network firewall systems this trick can be carried even further.
The typical network firewall only provides a limited set of services to
-the outer world. All other services can be "bugged" just like the above
-tftp example. The result is an excellent early-warning system.
+the outer world.
+All other services can be "bugged" just like the above tftp example.
+The result is an excellent early-warning system.
.Sh FILES
.Bl -tag -width /etc/hosts.allow -compact
.It Pa /etc/hosts.allow