Diffstat (limited to 'doc/source/manual')
-rw-r--r-- | doc/source/manual/config.rst | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/doc/source/manual/config.rst b/doc/source/manual/config.rst index 9f7d50c..f9d874e 100644 --- a/doc/source/manual/config.rst +++ b/doc/source/manual/config.rst @@ -35,17 +35,15 @@ Example config: include peers from "peers"; -| ``bind <IPv4 address>:<port> [ interface "<interface>" ] [ default [ ipv4 ] ];`` -| ``bind <IPv6 address>:<port> [ interface "<interface>" ] [ default [ ipv6 ] ];`` -| ``bind any:<port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];`` -| ``bind <IPv4 address> port <port> [ interface "<interface>" ] [ default [ ipv4 ] ];`` -| ``bind <IPv6 address> port <port> [ interface "<interface>" ] [ default [ ipv6 ] ];`` -| ``bind any port <port> [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];`` +| ``bind <IPv4 address>[:<port>] [ interface "<interface>" ] [ default [ ipv4 ] ];`` +| ``bind <IPv6 address>[:<port>] [ interface "<interface>" ] [ default [ ipv6 ] ];`` +| ``bind any[:<port>] [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];`` +| ``bind <IPv4 address> [port <port>] [ interface "<interface>" ] [ default [ ipv4 ] ];`` +| ``bind <IPv6 address> [port <port>] [ interface "<interface>" ] [ default [ ipv6 ] ];`` +| ``bind any [port <port>] [ interface "<interface>" ] [ default [ ipv4|ipv6 ] ];`` Sets the bind address, port and possibly interface. May be specified multiple times. The keyword - any makes fastd bind to the unspecified address for both IPv4 and IPv6. When - no bind address is configured at all, for each outgoing connection a new socket with a random - port is created. + any makes fastd bind to the unspecified address for both IPv4 and IPv6. IPv6 address must be put in square brackets. It is possible to specify an IPv6 link-local address with an interface in the usual notation (e.g. [fe80::1%eth0]). 
@@ -53,6 +51,15 @@ Example config: The default option makes it the default address for outgoing connections for IPv4, IPv6 or both. + When an address without port or with port 0 is configured, a new socket with a random + port will be created for each outgoing connection. This has the side effect that the + options for packet marks and interface-specific binds (except IPv6 link-local addresses) will only work with the + ``CAP_NET_ADMIN`` capability (option ``drop capabilities no`` when fastd is built with + capability support, root privileges otherwise). + + Configuring no bind address at all is equivalent to the setting ``bind any``, meaning fastd + will use a random port for each outgoing connection both for IPv4 and IPv6. + | ``cipher "<cipher>" use "<implementation>";`` |
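Review bot: In the first hunk (`@@ -35,17 +35,15 @@`), the new `[:<port>]` notation uses square brackets to mean "optional", directly beside the context sentence that requires IPv6 addresses to be written in literal square brackets (e.g. `[fe80::1%eth0]`). A reader cannot tell from the `bind <IPv6 address>[:<port>]` line which brackets are typed and which are meta-syntax. Consider adding one sentence saying that brackets in the syntax lines mark optional parts, and one concrete IPv6 example with and without a port. The syntax lines also no longer say what omitting the port means. That explanation now sits only in the paragraph added by the second hunk, so a short pointer to it next to "Sets the bind address, port and possibly interface" would help.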
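Review bot: In the second hunk (`@@ -53,6 +51,15 @@`), the added paragraph documents that packet marks and interface-specific binds need `CAP_NET_ADMIN` when the port is omitted or 0, but it does not state the way to avoid that requirement, which follows from the same sentence: configure a fixed non-zero port. Since the next added paragraph makes "no bind address at all" equivalent to `bind any`, the default configuration falls into the random-port case, so it is worth saying explicitly that with the default, these options only work if fastd keeps `CAP_NET_ADMIN` (`drop capabilities no`) or runs as root. The parenthetical "(option ``drop capabilities no`` when fastd is built with capability support, root privileges otherwise)" is hard to parse. Splitting it into two sentences would make clear that one case retains a single capability and the other requires full root privileges, which is the trade-off an operator needs to weigh here.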