This chapter provides important information about netperm table setup. You can modify the netperm table using your favorite text editor.
 | Note: Be sure to make a backup copy of the original netperm table. Do not edit in the section labeled Computer Generated Area (between the #BEGIN WARNING and #END WARNING marks). |
With a few exceptions, you do not need to restart the proxies for the changes to take effect. Each time the proxies start new processes, they check the last modification time of the netperm table. If the time has changed, the proxies reread the netperm table. However, there are several proxies that must be restarted when you make changes to certain attributes. Chapter 4, “Attribute Reference,” lists each attribute and notes whether restart is necessary.
This chapter contains information on the netperm table syntax in the following sections:
Applications and proxies read the rules from the top of the table to the bottom. They use the first rule that applies for a particular attribute. If there are multiple rules in the table that could apply for an attribute, the application uses the first one it finds.
For example, a netperm table attribute contains the following rule:
smapd: userid uucp |
and later in the file contains the rule:
smapd: userid mail |
When smapd parses the netperm table, it uses the first rule it finds, and runs as the user uucp.
Each line in the netperm table contains a separate configuration rule in the format:
keyword: attribute valuelist
where:
keyword indicates the application to which the rule applies. The wildcard (*) indicates the rule is valid for all applications and proxies. A comma-separated list of multiple keywords indicates the rules applies to all of the applications in the list. The keyword usually matches the name of the service or the value of the -as flag in the startup script.
attribute is a configuration parameter for the application or proxy.
valuelist is the value for the specific configuration parameter. Some attributes allow multiple values.
A rule must fit on a single line. The length of a line varies by operating system, but is usually around 1,024 bytes. There is no provision for continuing lines.
The keyword(s), attribute, and value list can be separated by spaces or tabs.
A hash mark (#) at the beginning of a line indicates a comment. Applications ignore any text between the hash mark at the beginning of the line and the end of the line. If the hash mark appears later in the line, applications treat the hash mark as a normal character. Applications treat the following line as a comment:
#set timeout to five minutes |
Applications treat the following line as invalid syntax:
tn-gw: timeout 3000 #set timeout to five minutes |
| Note: Some default comments in the netperm table include information for the substitution driver. They begin with #%subs-start and end with #%subs-end. Do not delete these lines. |
The following table lists some common keywords for proxies and other applications. You can create your own keywords. Be sure that the keyword matches the value for the -as name flag you used when starting the proxy in a startup script
Table 2-1. Common Keywords and Associated Applications
Keyword | Application |
|---|---|
ahttp-gw | Authenticating HTTP proxy (using the HTTP proxy) |
aol-gw | America Online proxy (using the plug proxy with -as) |
authenIP | IP screening configuration applications |
authsrv | Authentication server |
ck-gw | Circuit proxy |
cserve-gw | CompuServe proxy (using the plug proxy with -as) |
finger | Proxy for finger. |
ftp-gw | FTP proxy |
gopher-gw | Gopher proxy (using the HTTP proxy with -as) |
gui | Gauntlet Firewall Manager |
http-gw | HTTP proxy |
info-gw | Web and Gopher server (Info proxy) |
lnotes-gw | Lotus Notes proxy (using the plug proxy with -as) |
login-sh | Login shell |
lp-gw | Line printer proxy |
mbase-gw | MediaBase proxy |
mmp | Multimedia proxy |
mssql-gw | Microsoft SQL proxy |
netacl-fingerd | Network access control proxy running finger service |
netacl-ftpd | Network access control proxy running FTP service |
netacl-rlogind | Network access control proxy running rlogin service |
netacl-telnetd | Network access control proxy running telnet service |
netconfig | IP screening configuration applications |
NetShow | NetShow proxy (using the mmp proxy) |
nntp-gw | NNTP news proxy (using the plug proxy with -as) |
pcxdpp | PC Extender DPP daemon |
plug-gw | Plug proxy |
policy-name | Policy |
pop3-gw | POP3 mail proxy |
radm | Remote administration scripts |
RealAudio | RealAudio/RealVideo proxy (using the mmp proxy) |
rlogin-gw | Rlogin proxy |
rsh-gw | Remote shell proxy |
smap | SMTP mail client |
smapd | SMTP mail server |
snmpd | SNMP network management agent |
snmp-gw | SNMP network management proxy |
ssl-gw | SSL proxy (using the plug proxy with -as) |
strmwrks-gw | Streamworks proxy |
syb-gw | Sybase proxy |
tn-gw | TELNET proxy |
VDOLive | VDOLive proxy (using the mmp proxy) |
whois | whois proxy (using the plug proxy with -as) |
x-gw | X11 proxy |
Attributes vary by proxy and application, though some attributes are common to multiple applications. Consult the reference information in Chapter 4, “Attribute Reference,” for more information on applicable attributes and values.