Normaly, ypserv will read the file /var/yp/securenets. The file will look like: # allow connections from local host -- necessary 255.255.255.255 127.0.0.1 # allow connections from any host # on the 131.234.223.0 network 255.255.255.0 131.234.223.0 # allow connections from any host # between 131.234.214.0 to 131.234.215.255 255.255.254.0 131.234.214.0 An expression of the form `m.m.m.m n.n.n.n' is interpreted as a `netmask network' pair. A host address is matched if `network' is equal to the bitwise AND of the address and the `netmask'. If you doesen't have such a file or the file is empty, and you don't enable the tcp wrappers, all hosts in the world could connect to your sever. This file uses the same notation as the SunOS/Solaris ypserv. FreeBSD ypserv use a different notation, be carefull with copying this file. If you enable the tcp wrappers security lookups in the Makefile, then the server `ypserv' will use your /etc/hosts.allow and /etc/hosts.deny files (which most people already have) and not the /var/yp/securenets. You must have the library libwrap.a and log_tcp.h from the tcp_wrappers source distribution. I used version 7.4 of the wrappers. You can enable the tcp wrappers with the configure option: configure --enable-tcp-wrapper[=BASE-DIR], where BASE-DIR is an optional parameter and includes the path to the library and the includefiles. Read the tcp_wrappers manpages on how to enable/disable hosts from querying your server. One note of warning. Always use IP numbers instead of hostnames, because otherwise gethostbyname() will then call the server `ypserv', and the server is_host_valid() function will call gethostbyname() which will then call the server `ypserv' ad infinitum.... The tcp_wrappers let you easily specify a domain in number notation for all hostnames contained in the last octet. So for example in a class C network 192.16.192.0, to allow all local hosts to query your server, but deny everyone else you can specify the following lines: In /etc/hosts.allow ypserv: 192.16.192. and the /etc/hosts.deny file ypserv: ALL