From db69080b84193a082e2450885e70eaac611b7739 Mon Sep 17 00:00:00 2001 From: itojun Date: Sun, 12 Mar 2000 16:47:24 +0000 Subject: [PATCH] improve SECURITY section. (sync with kame) --- usr.sbin/faithd/faithd.8 | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8 index 357d380f4170..1ae1ab739207 100644 --- a/usr.sbin/faithd/faithd.8 +++ b/usr.sbin/faithd/faithd.8 @@ -25,8 +25,8 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $NetBSD: faithd.8,v 1.5 2000/02/25 10:05:26 itojun Exp $ -.\" KAME Id: faithd.8,v 1.4 2000/01/22 07:56:48 itojun Exp +.\" $NetBSD: faithd.8,v 1.6 2000/03/12 16:47:24 itojun Exp $ +.\" KAME Id: faithd.8,v 1.5 2000/03/12 16:44:58 itojun Exp .\" .Dd May 17, 1998 .Dt FAITHD 8 @@ -249,6 +249,20 @@ and other IP-address based authentication, for connections relayed by .Po and any other TCP relaying services .Pc . +.Pp +.Nm +itself does not implement access controls, as +it intends to implement transparent TCP relay services. +Administrators are advised to filter packets based on IPv6 address. +IPv6 destination address can be limited by +configuring routing entries that points to +.Xr faith 4 , +using +.Xr route 8 . +IPv6 source address needs to be filtered by using packet filters. +Documents listed in +.Sx SEE ALSO +have more discussions on this topic. .\" .Sh HISTORY The