Provided by: openafs-client_1.8.10-2ubuntu1~23.10.1_amd64
NAME
NetRestrict - Defines interfaces not to register with AFS servers
DESCRIPTION
There are two NetRestrict files, one for an AFS client and one for an AFS File Server or database server. The AFS client NetRestrict file specifies the IP addresses that the client should not register with the File Servers it connects to. The server NetRestrict file specifies what interfaces should not be registered with AFS Database Servers or used to talk to other database servers. FORMAT The NetRestrict file is in ASCII format. One IP address appears on each line, in dotted decimal format. To specify a network instead, use a slash ("/") followed by a subnet length. The order of the addresses is not significant. Client NetRestrict The NetRestrict file, if present in a client machine's /etc/openafs directory, defines the IP addresses of the interfaces that the local Cache Manager does not register with a File Server when first establishing a connection to it. For an explanation of how the File Server uses the registered interfaces, see NetInfo(5). As it initializes, the Cache Manager constructs a list of interfaces to register, from the /etc/openafs/NetInfo file if it exists, or from the list of interfaces configured with the operating system otherwise. The Cache Manager then removes from the list any addresses that appear in the NetRestrict file, if it exists. The Cache Manager records the resulting list in kernel memory. To display the addresses the Cache Manager is currently registering with File Servers, use the fs getclientaddrs command. Server NetRestrict The NetRestrict file, if present in the /var/lib/openafs/local directory, defines the following: • On a file server machine, the local interfaces that the File Server (fileserver process) does not register in the Volume Location Database (VLDB) at initialization time. • On a database server machine, the local interfaces that the Ubik synchronization library does not use when communicating with the database server processes running on other database server machines. As it initializes, the File Server constructs a list of interfaces to register, from the /var/lib/openafs/local/NetInfo file if it exists, or from the list of interfaces configured with the operating system otherwise. The File Server then removes from the list any addresses that appear in the NetRestrict file, if it exists. The File Server records the resulting list in the /var/lib/openafs/local/sysid file and registers the interfaces in the VLDB. The database server processes use a similar procedure when initializing, to determine which interfaces to use for communication with the peer processes on other database machines in the cell. To display the File Server interface addresses registered in the VLDB, use the vos listaddrs command.
EXAMPLES
If the File Server should not use the IP address 192.168.1.1 on one of its private interfaces, then the NetRestrict file should contain the following: 196.168.1.1 In order to prevent the usage of any 192.168/16 addresses on its local interfaces, the NetRestrict file should contain: 196.168.0.0/16
SEE ALSO
NetInfo(5), sysid(5), vldb.DB0(5), fileserver(8), fs_getclientaddrs(1) vos_listaddrs(1)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved. This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.