This document applies if and only if setup-daemontools.sh has been used to set up leafnode for use with daemontools. These are configurable parameters that deal with leafnode accepting connections: 1. The IP leafnode is listening on. It defaults to 127.0.0.1 (localhost). Only the leafnode computer can connect to itself, and only to 127.0.0.1, not to other local addresses. To change this, a) edit the first line of /service/leafnode-1/env/LISTENIP, and b) run: /command/svc -t /service/leafnode-1 This is necessary to restart tcpserver to let it notice the LISTENIP change. Warning: This will abort all pending connections, but most newsreaders should recover from this. WARNING: You will also need to edit the nntp.rules file and rebuild the nntp.cdb file, see section 3 below. You can place "0" (without the quotes) on the first line to let leafnode listen to all interfaces. This can be used for multi-homed hosts (hosts with more than one external interface). 2. The maximum number of clients that can be connected at the same time. It defaults to 7. To change this, a) edit the first line of /service/leafnode-1/env/MAXCONNECTIONS and b) run: /command/svc -t /service/leafnode-1 (this will abort all pending connections, but most newsreaders should recover from this) 3. The access rules. They default to: 127.0.0.1:allow :deny The last line is a wildcard used when no other rule matches. The corresponding rule is accessed directly. You can also write IP ranges, such as 192.168.0.5-9, and wildcards, such as 172.16. which means 172.16.0.0 to 172.16.255.255 (65536 addresses). Details are at Dan J. Bernstein's home page, http://cr.yp.to/ucspi-tcp/tcprules.html To edit the access control, do this: a) type: cd /service/leafnode-1 b) edit the nntp.rules file c) type: make Step c) transforms the human-readable nntp.rules file into the tcpserver-readable nntp.cdb file. You do NOT need to use svc -t, tcpserver will automatically heed the newly-updated nntp.cdb file (in contrast to the LISTENIP change above). Existing connections that then have a "deny" instruction will NOT be terminated however. NOTE: leafnode has another last line of defense against inadvertently opening the own computer to the wide world, that will prevent access from non-local IP addresses. If you have a friend on a static IP outside your LAN whom you want to give leafnode access, you must also edit leafnode's config file. Look there for "allowstrangers". (C) 2002 by Matthias Andree, see COPYING for the licensing conditions.