Provided by: openafs-client_1.8.10-2ubuntu1~23.10.1_amd64 bug

NAME

       NetRestrict - Defines interfaces not to register with AFS servers

DESCRIPTION

       There are two NetRestrict files, one for an AFS client and one for an AFS File Server or
       database server.  The AFS client NetRestrict file specifies the IP addresses that the
       client should not register with the File Servers it connects to.  The server NetRestrict
       file specifies what interfaces should not be registered with AFS Database Servers or used
       to talk to other database servers.

   FORMAT
       The NetRestrict file is in ASCII format. One IP address appears on each line, in dotted
       decimal format.  To specify a network instead, use a slash ("/") followed by a subnet
       length.  The order of the addresses is not significant.

   Client NetRestrict
       The NetRestrict file, if present in a client machine's /etc/openafs directory, defines the
       IP addresses of the interfaces that the local Cache Manager does not register with a File
       Server when first establishing a connection to it. For an explanation of how the File
       Server uses the registered interfaces, see NetInfo(5).

       As it initializes, the Cache Manager constructs a list of interfaces to register, from the
       /etc/openafs/NetInfo file if it exists, or from the list of interfaces configured with the
       operating system otherwise.  The Cache Manager then removes from the list any addresses
       that appear in the NetRestrict file, if it exists. The Cache Manager records the resulting
       list in kernel memory.

       To display the addresses the Cache Manager is currently registering with File Servers, use
       the fs getclientaddrs command.

   Server NetRestrict
       The NetRestrict file, if present in the /var/lib/openafs/local directory, defines the
       following:

       •   On a file server machine, the local interfaces that the File Server (fileserver
           process) does not register in the Volume Location Database (VLDB) at initialization
           time.

       •   On a database server machine, the local interfaces that the Ubik synchronization
           library does not use when communicating with the database server processes running on
           other database server machines.

       As it initializes, the File Server constructs a list of interfaces to register, from the
       /var/lib/openafs/local/NetInfo file if it exists, or from the list of interfaces
       configured with the operating system otherwise. The File Server then removes from the list
       any addresses that appear in the NetRestrict file, if it exists. The File Server records
       the resulting list in the /var/lib/openafs/local/sysid file and registers the interfaces
       in the VLDB. The database server processes use a similar procedure when initializing, to
       determine which interfaces to use for communication with the peer processes on other
       database machines in the cell.

       To display the File Server interface addresses registered in the VLDB, use the vos
       listaddrs command.

EXAMPLES

       If the File Server should not use the IP address 192.168.1.1 on one of its private
       interfaces, then the NetRestrict file should contain the following:

          196.168.1.1

       In order to prevent the usage of any 192.168/16 addresses on its local interfaces, the
       NetRestrict file should contain:

          196.168.0.0/16

SEE ALSO

       NetInfo(5), sysid(5), vldb.DB0(5), fileserver(8), fs_getclientaddrs(1) vos_listaddrs(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.