From 3b835ea0429e9c034348fa9c1666a81df8ed144f Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Mon, 6 Jul 2026 22:15:23 +0000 Subject: Do not imply -w with -p in s6-tcpserver-access --- doc/s6-tcpserver-access.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'doc/s6-tcpserver-access.html') diff --git a/doc/s6-tcpserver-access.html b/doc/s6-tcpserver-access.html index 3746118..6de1ca6 100644 --- a/doc/s6-tcpserver-access.html +++ b/doc/s6-tcpserver-access.html @@ -123,8 +123,9 @@ for legacy programs that need it.
  • -p : paranoid. After looking up a name for the remote host, s6-tcpserver-access will lookup IP addresses for this name, and drop the connection if none of the results matches the address the connection -is originating from. Note that this still does not replace real -authentication via a cryptographic protocol.
  • +is originating from. For safest results, pair that option with -w +so any DNS error drops the connection. (Note that this still does not replace real +authentication via a cryptographic protocol.)
  • -l localname : use localname as the value for the ${PROTO}LOCALHOST environment variable, instead of looking it up in the DNS.
  • -- cgit v1.3.1