SunScreen SKIP User's Guide, Release 1.5.1

Options

-i

The -i option takes the interface name as an argument and is used with the -o option to enable or disable SKIP for a particular interface. If this option is not specified, skiphost operates on the system's primary network interface.

-f

This option is used to remove (flush) all ACL entries from a given network interface. This option will automatically disable SKIP. 

-h

This option is used to display the SKIP statistics for a given network interface. 

-o

This option enables and disables SKIP. To enable SKIP, use -o on; to disable SKIP, use -o off.

-P

Adding this option to skiphost prints the current access control list in a format that is suitable for execution in a shell script. 

-V

Adding this option to skiphost prints the current access control list in a name=value verbose format. 

hostname/IP address

Takes the -M mask argument. When skiphost is run with a hostname or IP address and no other options, it checks whether that host or network exists in the access control list and displays its parameters.

-a

Adds the hostname or network (specified using the hostname/address -M mask argument) to the access control list and enables traffic between the hosts in the clear. To add a hostname or network and enable encrypted and/or authenticated traffic to the host, use the -k, -m and/or -t options. For more arguments, see the description of *.

-d

Removes hostname, network or nomadic system from the access control list. Also takes hostname/IP address/* -M mask as well as other option specific arguments. For more arguments, see the description of *.

-x

Excludes hostname, network or nomadic system from the access control list. Also takes hostname/IP address/* -M mask as well as other option specific arguments. For more arguments, see the description of *.

-a '*'

This option is used to specify a nomadic system. It must be used in conjunction with the authentication and receiver key ID options. To encrypt and/or authenticate communications with a remote system the following options should be used: 

-k key algorithm

Specifies the key encryption algorithm, i.e. the algorithm used to encrypt keys. A list of supported algorithms is available using the skipstat(1M) command.

-t crypt algorithm

Specifies the traffic encryption algorithm for encrypting traffic (bulk data). 

-m mac algorithm

Specifies the authentication algorithm. 

-c comp algorithm

Specifies the compression algorithm. Not currently implemented. 


-r receiver NSID -R Receiver keyID -s sender NSID -S Sender keyID

The Key Name Space Identifier (NSID) options (-r and -s) are used to control the identification of keying information in the SKIP protocol. They take numeric values from 0 to 11. The remote key ID option (-R) and local key ID option (-S) take a hexadecimal value whose length depends on the name space being used. The default NSID values (0, "Not Present") are normally acceptable for most applications. Currently only name spaces 0 ("Not Present"), 1 ("IPv4 address") and 8 ("MD5 DH public values") are supported.

-v SKIP version

SKIP can use an old version of the protocol to communicate with SunScreen SPF-100 and SunScreen SPF-100G systems. To use this mode, specify the -v 1 option. If no version is specified, skiphost will use SKIP version 2 by default.


-A tunnel address

This option is used in tunneling mode to replace the destination address in outgoing packets with the supplied value. This permits hiding of network topology. By default, the tunnel address is set to the destination address. 

-T

Encrypt or authenticate only the data part of the IP packet. By default, SKIP uses tunneling mode and protects the whole packet. 
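The following shell function is an added example, not part of the SKIP guide or the skiphost tool: it assembles a skiphost -a command line from its parts and checks the constraints stated above (receiver NSID limited to the supported name spaces 0, 1 and 8; a nomadic '*' entry must carry -m and -R) before printing it, so an administrator can review the entry before running it on the SKIP host. The interface name, addresses, mask, key ID and algorithm names are constructed placeholders; the real algorithm names come from skipstat(1M).

```shell
#!/bin/sh
# Added example: build and validate a skiphost ACL entry (dry run).
# Assumed placeholders: interface hme0, peer addresses, mask, key ID and
# the algorithm names passed as arguments. Sender-side -s/-S are omitted.

# Return 0 only for the name spaces the guide lists as supported (0, 1, 8).
nsid_ok() {
    case "$1" in
        0|1|8) return 0 ;;
        *)     return 1 ;;
    esac
}

# skip_acl_add IF HOST MASK KEYALG CRYPTALG MACALG RNSID RKEYID
# Prints the skiphost invocation that adds HOST to the ACL of interface IF.
# Empty MASK/KEYALG/CRYPTALG/MACALG/RKEYID arguments omit that option.
# Returns 1 (with a message on stderr) when the combination is invalid.
skip_acl_add() {
    ifc=$1 host=$2 mask=$3 keyalg=$4 cryptalg=$5 macalg=$6 rnsid=$7 rkeyid=$8

    if ! nsid_ok "$rnsid"; then
        echo "unsupported receiver NSID '$rnsid' (use 0, 1 or 8)" >&2
        return 1
    fi
    # A nomadic system ('*') is only meaningful with an authentication
    # algorithm (-m) and a receiver key ID (-R); a plain host may omit both.
    if [ "$host" = '*' ] && { [ -z "$macalg" ] || [ -z "$rkeyid" ]; }; then
        echo "nomadic entry '*' requires both -m and -R" >&2
        return 1
    fi

    cmd="skiphost -i $ifc -a '$host'"
    [ -n "$mask" ]     && cmd="$cmd -M $mask"
    [ -n "$keyalg" ]   && cmd="$cmd -k $keyalg"
    [ -n "$cryptalg" ] && cmd="$cmd -t $cryptalg"
    [ -n "$macalg" ]   && cmd="$cmd -m $macalg"
    cmd="$cmd -r $rnsid"
    [ -n "$rkeyid" ]   && cmd="$cmd -R $rkeyid"
    printf '%s\n' "$cmd"
}

# Example use (constructed values): a clear-text network entry and a
# nomadic peer with authentication and encryption.
skip_acl_add hme0 10.1.2.0 255.255.255.0 '' '' '' 0 ''
skip_acl_add hme0 '*' '' KEYALG CRYPTALG MACALG 8 0123abcd
```

Pipe the printed lines into sh only after checking them; skiphost -P prints the resulting list back in the same executable form.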


See the man pages for more detail.