Diffstat (limited to 'html/access.html')
-rw-r--r-- | html/access.html | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/html/access.html b/html/access.html index 3489f8fbd99a6..248def1830bb3 100644 --- a/html/access.html +++ b/html/access.html @@ -19,7 +19,7 @@ color: #FF0000; <p><img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a></p> <p>The skunk watches for intruders and sprays.</p> <p>Last update: - <!-- #BeginDate format:En2m -->11-Sep-2010 05:53<!-- #EndDate --> + <!-- #BeginDate format:En2m -->26-Jul-2017 20:10<!-- #EndDate --> UTC</p> <br clear="left"> <h4>Related Links</h4> 
@@ -32,7 +32,7 @@ color: #FF0000; <p>The ACL is specified as a list of <tt>restrict</tt> commands in the following format:</p> <p><tt>restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></p> <p>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the <tt><i>address</i></tt> is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 and IPv6 default entries. <tt>restrict source</tt> configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptable, and removed when the association is demobilized.</p> -<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p> +<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p> <p>An example may clarify how it works. 
Our campus has two class-B networks, 128.4 for the ECE and CIS departments and 128.175 for the rest of campus. Let's assume (not true!) that subnet 128.4.1 homes critical services like class rosters and spread sheets. A suitable ACL might look like this:</p> <pre> restrict default nopeer # deny new associations |
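Review bot: In the first hunk (@@ -19,7), the "Last update" stamp between the #BeginDate and #EndDate markers moves from 11-Sep-2010 to 26-Jul-2017, although the only content change in this commit is one removed period. Readers use that date to judge how current the access control documentation is, so consider leaving the stamp alone for punctuation-only fixes, or say in the commit message that the date bump does not reflect a content revision.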
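Review bot: In the second hunk (@@ -32,7), the corrected sentence still reads awkwardly: "have the effect to deny service" and "attempts to do run-time reconfiguration" could be tightened while the line is being touched, for example "Some flags deny service, some enable service and some are conditioned by other flags." The preceding context paragraph also describes the address argument only as "expressed in dotted-quad form" while the same paragraph covers IPv6 masks and the "::" default entry. A follow-up that states the address may be IPv4 or IPv6 would keep operators from assuming restrict lines apply to IPv4 only.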