improve SECURITY section. (sync with kame)

2000-03-12 16:47:24 +00:00 · 2000-03-12 16:47:24 +00:00 · db69080b84
parent a57fa19957
commit db69080b84
1 changed files with 16 additions and 2 deletions
--- a/usr.sbin/faithd/faithd.8
+++ b/usr.sbin/faithd/faithd.8
@ -25,8 +25,8 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.\"	$NetBSD: faithd.8,v 1.5 2000/02/25 10:05:26 itojun Exp $
-.\"	KAME Id: faithd.8,v 1.4 2000/01/22 07:56:48 itojun Exp
+.\"	$NetBSD: faithd.8,v 1.6 2000/03/12 16:47:24 itojun Exp $
+.\"	KAME Id: faithd.8,v 1.5 2000/03/12 16:44:58 itojun Exp
 .\"
 .Dd May 17, 1998
 .Dt FAITHD 8
@ -249,6 +249,20 @@ and other IP-address based authentication, for connections relayed by
 .Po
 and any other TCP relaying services
 .Pc .
+.Pp
+.Nm
+itself does not implement access controls, as 
+it intends to implement transparent TCP relay services.
+Administrators are advised to filter packets based on IPv6 address.
+IPv6 destination address can be limited by
+configuring routing entries that points to
+.Xr faith 4 ,
+using
+.Xr route 8 .
+IPv6 source address needs to be filtered by using packet filters.
+Documents listed in
+.Sx SEE ALSO
+have more discussions on this topic.
 .\"
 .Sh HISTORY
 The