man pages section 4: File Formats

Exit Print View

Updated: July 2014
 
 

securenets(4)

Name

securenets - configuration file for NIS security

Synopsis

/var/yp/securenets

Description

The /var/yp/securenets file defines the networks or hosts which are allowed access to information by the Network Information Service (“NIS”).

The format of the file is as follows:

  • Lines beginning with the ``#'' character are treated as comments.

  • Otherwise, each line contains two fields separated by white space. The first field is a netmask, the second a network.

  • The netmask field may be either 255.255.255.255 (IPv4), ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff (IPv6) , or the string ``host'' indicating that the second field is a specific host to be allowed access.

Both ypserv(1M) and ypxfrd(1M) use the /var/yp/securenets file. The file is read when the ypserv(1M) and ypxfrd(1M) daemons begin. If /var/yp/securenets is present, ypserv (1M) and ypxfrd(1M) respond only to IP addresses in the range given. In order for a change in the /var/yp/securenets file to take effect, you must kill and restart any active daemons using ypstop(1M) and ypstart(1M).

An important thing to note for all the examples below is that the server must be allowed to access itself. You accomplish this either by the server being part of a subnet that is allowed to access the server, or by adding an individual entry, as the following:

host 127.0.0.1

Examples

Example 1 Giving Access for Individual Machines

If individual machines are to be given access, the entry could be:

255.255.255.255	192.9.1.20

or

host	192.0.1.20
Example 2 Giving Access to an Entire Class C Network

If access is to be given to an entire class C network, the entry could be:

255.255.255.0	192.9.1.0
Example 3 Giving Access to a Class B Network

If access is to be given to a class B network, the entry could be:

255.255.0.0	9.9.0.0
Example 4 Giving Access for an Individual IPv6 Address

To allow access for an individual IPv6 address:

ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff  fec0::111:abba:ace0:fba5e:1

or

host  fec0::111:abba:ace0:fba5e:1
Example 5 Giving Access for all IPv6 Addresses Starting with fe80

To allow access for all IPv6 addresses starting with fe80:

ffff::  fe80::

Files

/var/yp/securenets

Configuration file for NIS security.

See also

ypserv(1M), ypstart(1M), ypstop(1M), ypxfrd(1M)

Notes

The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be used without permission.