Provided by: openafs-client_1.8.10-2ubuntu1~22.04.2_amd64 
NAME
NetRestrict - Defines interfaces not to register with AFS servers
DESCRIPTION
There are two NetRestrict files, one for an AFS client and one for an AFS File Server or database server.
The AFS client NetRestrict file specifies the IP addresses that the client should not register with the
File Servers it connects to. The server NetRestrict file specifies what interfaces should not be
registered with AFS Database Servers or used to talk to other database servers.
FORMAT
The NetRestrict file is in ASCII format. One IP address appears on each line, in dotted decimal format.
To specify a network instead, use a slash ("/") followed by a subnet length. The order of the addresses
is not significant.
Client NetRestrict
The NetRestrict file, if present in a client machine's /etc/openafs directory, defines the IP addresses
of the interfaces that the local Cache Manager does not register with a File Server when first
establishing a connection to it. For an explanation of how the File Server uses the registered
interfaces, see NetInfo(5).
As it initializes, the Cache Manager constructs a list of interfaces to register, from the
/etc/openafs/NetInfo file if it exists, or from the list of interfaces configured with the operating
system otherwise. The Cache Manager then removes from the list any addresses that appear in the
NetRestrict file, if it exists. The Cache Manager records the resulting list in kernel memory.
To display the addresses the Cache Manager is currently registering with File Servers, use the fs
getclientaddrs command.
Server NetRestrict
The NetRestrict file, if present in the /var/lib/openafs/local directory, defines the following:
• On a file server machine, the local interfaces that the File Server (fileserver process) does not
register in the Volume Location Database (VLDB) at initialization time.
• On a database server machine, the local interfaces that the Ubik synchronization library does not use
when communicating with the database server processes running on other database server machines.
As it initializes, the File Server constructs a list of interfaces to register, from the
/var/lib/openafs/local/NetInfo file if it exists, or from the list of interfaces configured with the
operating system otherwise. The File Server then removes from the list any addresses that appear in the
NetRestrict file, if it exists. The File Server records the resulting list in the
/var/lib/openafs/local/sysid file and registers the interfaces in the VLDB. The database server processes
use a similar procedure when initializing, to determine which interfaces to use for communication with
the peer processes on other database machines in the cell.
To display the File Server interface addresses registered in the VLDB, use the vos listaddrs command.
EXAMPLES
If the File Server should not use the IP address 192.168.1.1 on one of its private interfaces, then the
NetRestrict file should contain the following:
196.168.1.1
In order to prevent the usage of any 192.168/16 addresses on its local interfaces, the NetRestrict file
should contain:
196.168.0.0/16
SEE ALSO
NetInfo(5), sysid(5), vldb.DB0(5), fileserver(8), fs_getclientaddrs(1) vos_listaddrs(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD
by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth
Cassell.
OpenAFS 2024-08-27 NETRESTRICT(5)