bzfrelay man page on IRIX

Man page or keyword search:  
man Server   31559 pages
apropos Keyword Search (all sections)
Output format
IRIX logo
[printable version]

bzfrelay(6)					      bzfrelay(6)

NAME
       bzfrelay - BZFlag game server firewall relay

SYNOPSIS
       bzfrelay	 [-a  address  mask] [-d] [-f] [-h] [-p port] [-r
       address mask] [-s [address][:port]] address[:port]

DESCRIPTION
       Bzfrelay relays communication  between  bzflag  and  bzfs.
       It's  primary  purpose  is  to  provide	a  tunnel to bzfs
       through a firewall.

       Because security is a prime concern on a	 firewall,  users
       are  encouraged	to  read  the source code and run it with
       restricted permissions.	Also bzfrelay rejects connections
       from any clients not explicitly allowed and the default is
       to reject all connections; you must  use	 the  options  to
       allow some connections for bzfrelay to be useful.

       In  the interests of security (and because there's no need
       for it) bzfrelay provides no means to escape to	a  shell,
       start  executables,  access  the filesystem, report system
       resources, etc.

   Options
	      -a address mask
			     Allow addresses matching address and
			     mask.   An	 address  src matches iff
			     (src & mask) ==  (address	&  mask).
			     This option may appear any number of
			     times.

	      -d	     Increase  debugging   level.    This
			     option  may  be  specified	 multiple
			     times to increase logging.

	      -f	     Run in the	 foreground  and  log  to
			     stderr.   Default	is to detach from
			     the terminal and log to syslog.

	      -h	     Print  help  information  and  exit.
			     The  help	information  includes the
			     default connect and reconnect ports.

	      -p port	     Listen  for  reconnections	 on  port
			     instead of the default.  The  BZFlag
			     protocol	is   broken  in	 that  it
			     requires clients to connect  to  the
			     server,  get a port to reconnect to,
			     disconnect, and reconnect on the new
			     port  (there's  no	 reason	 for this
			     except   backward	  compatibility).
			     This  option  overrides  the default
			     reconnect port number.  Packet  fil-
			     ters on the firewall must be config-
			     ured to allow  TCP	 packets  to  and
			     from this port; clients will be ini-
			     tiating the connection.  Use  -h  to
			     get  the  default	reconnection port
			     number.

	      -r address mask
			     Reject  addresses	matching  address
			     and  mask.	  An  address src matches
			     iff  (src	&  mask)  ==  (address	&
			     mask).   This  option may appear any
			     number of times.

	      -s [address][:port]
			     Listen for connections  on	 port  at
			     address.	The default is to use the
			     standard bzfs port and to listen  on
			     all  interfaces.	Either address or
			     port can be omitted, but  not  both;
			     the  default  is  used  for the omit
			     argument.	 Packet	 filters  on  the
			     firewall must be configured to allow
			     TCP packets to and	 from  this  port
			     and address;  clients will be initi-
			     ating the connection.  Use -h to get
			     the  default connection port number.

	      address[:port] Relay packets to the bzfs server  on
			     port  port	 at  address.  If port is
			     not specified then the standard bzfs
			     port is used.  Packet filters on the
			     firewall must be configured to allow
			     packets to and from this address and
			     port, but note that bzfrelay will be
			     initiating	 these	TCP  connections.
			     This argument is required.

   Notes
       Addresses are matched against -a and  -r	 options  in  the
       order  they  appear  on	the  command line.  An address is
       accepted as soon as it matches an -a set and  rejected  as
       soon  as	 it matches an -r set, so you must list more spe-
       cific sets before  more	general	 sets.	 An  address  not
       matching any set is rejected.

   Examples
       To  allow  clients  from	 any host in the 192.0.2 net only
       use: "-a 192.0.2.0 255.255.255.0".

       To allow clients from any host except those in the 192.0.2
       subnet	use:   "-r  192.0.2.0  255.255.255.0  -a  0.0.0.0
       0.0.0.0".  To also allow host 192.0.2.1 use: "-a 192.0.2.1
       255.255.255.255	-r  192.0.2.0  255.255.255.0  -a  0.0.0.0
       0.0.0.0".

       To allow clients from any host use: "-a 0.0.0.0	0.0.0.0".
       This is not recommended.

BUGS
       Bzfrelay	 uses  IP  addresses  for  authentication  and is
       therefore vulnerable to address spoofing attacks.

SEE ALSO
       bzfs(6)

						      bzfrelay(6)
[top]

List of man pages available for IRIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net