NAME¶
NetRestrict - Defines interfaces not to register with AFS servers
DESCRIPTION¶
There are two
NetRestrict files, one for an AFS client and one for an AFS
File Server or database server. The AFS client
NetRestrict file
specifies the IP addresses that the client should not register with the File
Servers it connects to. The server
NetRestrict file specifies what
interfaces should not be registered with AFS Database Servers or used to talk
to other database servers.
The
NetRestrict file is in ASCII format. One IP address appears on each
line, in dotted decimal format. The order of the addresses is not significant.
There is currently no mechanism to specify a range of addresses or a wildcard;
each IP address must be listed individually.
Client NetRestrict¶
The
NetRestrict file, if present in a client machine's
/etc/openafs directory, defines the IP addresses of the interfaces that
the local Cache Manager does not register with a File Server when first
establishing a connection to it. For an explanation of how the File Server
uses the registered interfaces, see
NetInfo(5).
As it initializes, the Cache Manager constructs a list of interfaces to
register, from the
/etc/openafs/NetInfo file if it exists, or from the
list of interfaces configured with the operating system otherwise. The Cache
Manager then removes from the list any addresses that appear in the
NetRestrict file, if it exists. The Cache Manager records the resulting
list in kernel memory.
The
NetRestrict file is in ASCII format. One IP address appears on each
line, in dotted decimal format. The order of the addresses is not significant.
To display the addresses the Cache Manager is currently registering with File
Servers, use the
fs getclientaddrs command.
Server NetRestrict¶
The
NetRestrict file, if present in the
/var/lib/openafs/local
directory, defines the following:
- •
- On a file server machine, the local interfaces that the File Server (
fileserver process) does not register in the Volume Location
Database (VLDB) at initialization time.
- •
- On a database server machine, the local interfaces that the Ubik
synchronization library does not use when communicating with the database
server processes running on other database server machines.
As it initializes, the File Server constructs a list of interfaces to register,
from the
/var/lib/openafs/local/NetInfo file if it exists, or from the
list of interfaces configured with the operating system otherwise. The File
Server then removes from the list any addresses that appear in the
NetRestrict file, if it exists. The File Server records the resulting
list in the
/var/lib/openafs/local/sysid file and registers the
interfaces in the VLDB. The database server processes use a similar procedure
when initializing, to determine which interfaces to use for communication with
the peer processes on other database machines in the cell.
To display the File Server interface addresses registered in the VLDB, use the
vos listaddrs command.
SEE ALSO¶
NetInfo(5),
sysid(5),
vldb.DB0(5),
fileserver(8),
fs_getclientaddrs(1) vos_listaddrs(1)
COPYRIGHT¶
IBM Corporation 2000. <
http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.