diff options
| author | Lennart Poettering <lennart@poettering.net> | 2006-02-22 23:09:24 +0000 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2006-02-22 23:09:24 +0000 |
| commit | 67e74a17b34856b0f9b856fce03b5fba77cc5f5e (patch) | |
| tree | 6e4aec4443994a564116b77344d3ad51a66f7605 | |
| parent | 6f52cdcefd71fc72e11abab06fc8db01621725bb (diff) | |
reword allow-pointopoint paragraph in avahi-daemon.conf man page to stress that enabling this option might open a potential security hole and explain why this might make mDNS unreliable
git-svn-id: file:///home/lennart/svn/public/avahi/trunk@1157 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
| -rw-r--r-- | man/avahi-daemon.conf.5.xml.in | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/man/avahi-daemon.conf.5.xml.in b/man/avahi-daemon.conf.5.xml.in index 86df421..5f59f16 100644 --- a/man/avahi-daemon.conf.5.xml.in +++ b/man/avahi-daemon.conf.5.xml.in @@ -106,7 +106,7 @@ <option> <p><opt>disallow-other-stacks=</opt> Takes a boolean value - ("yes" or "no"). If set to "yes", no other process is allowed + ("yes" or "no"). If set to "yes" no other process is allowed to bind to UDP port 5353. This effectively impedes other mDNS stacks from running on the host. Use this as a security measure to make sure that only Avahi is responsible for mDNS @@ -118,16 +118,20 @@ <option> <p><opt>allow-point-to-point=</opt> Takes a boolean value - ("yes" or "no"). If set to "yes", avahi-daemon will accept - interfaces with the POINTOPOINT flag. This option defaults - to "no" as it may be unreliable.</p> + ("yes" or "no"). If set to "yes" avahi-daemon will make use of + interfaces with the POINTOPOINT flag set. This option defaults + to "no" as it might make mDNS unreliable due to usually large + latencies with such links and opens a potential security hole + by allowing mDNS access from Internet connections. Use with + care and YMMV!</p> </option> </section> <section name="Section [wide-area]"> <option> - <p><opt>enable-wide-area=</opt> Enable wide-area DNS-SD, aka + <p><opt>enable-wide-area=</opt> Takes a boolean value + ("yes" or "no"). Enable wide-area DNS-SD, aka DNS-SD over unicast DNS. If this is enabled only domains ending in .local will be resolved on mDNS, all other domains are resolved via unicast DNS. If you want to maintain multiple |