.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "NETRESTRICT 5" .TH NETRESTRICT 5 "2023-12-24" "OpenAFS" "AFS File Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" NetRestrict \- Defines interfaces not to register with AFS servers .SH "DESCRIPTION" .IX Header "DESCRIPTION" There are two \fINetRestrict\fR files, one for an \s-1AFS\s0 client and one for an \&\s-1AFS\s0 File Server or database server. The \s-1AFS\s0 client \fINetRestrict\fR file specifies the \s-1IP\s0 addresses that the client should not register with the File Servers it connects to. The server \fINetRestrict\fR file specifies what interfaces should not be registered with \s-1AFS\s0 Database Servers or used to talk to other database servers. .SS "\s-1FORMAT\s0" .IX Subsection "FORMAT" The \fINetRestrict\fR file is in \s-1ASCII\s0 format. One \s-1IP\s0 address appears on each line, in dotted decimal format. To specify a network instead, use a slash (\f(CW\*(C`/\*(C'\fR) followed by a subnet length. The order of the addresses is not significant. .SS "Client NetRestrict" .IX Subsection "Client NetRestrict" The \fINetRestrict\fR file, if present in a client machine's \fI/etc/openafs\fR directory, defines the \s-1IP\s0 addresses of the interfaces that the local Cache Manager does not register with a File Server when first establishing a connection to it. For an explanation of how the File Server uses the registered interfaces, see \fBNetInfo\fR\|(5). .PP As it initializes, the Cache Manager constructs a list of interfaces to register, from the \fI/etc/openafs/NetInfo\fR file if it exists, or from the list of interfaces configured with the operating system otherwise. The Cache Manager then removes from the list any addresses that appear in the \&\fINetRestrict\fR file, if it exists. The Cache Manager records the resulting list in kernel memory. .PP To display the addresses the Cache Manager is currently registering with File Servers, use the \fBfs getclientaddrs\fR command. .SS "Server NetRestrict" .IX Subsection "Server NetRestrict" The \fINetRestrict\fR file, if present in the \fI/var/lib/openafs/local\fR directory, defines the following: .IP "\(bu" 4 On a file server machine, the local interfaces that the File Server (\fBfileserver\fR process) does not register in the Volume Location Database (\s-1VLDB\s0) at initialization time. .IP "\(bu" 4 On a database server machine, the local interfaces that the Ubik synchronization library does not use when communicating with the database server processes running on other database server machines. .PP As it initializes, the File Server constructs a list of interfaces to register, from the \fI/var/lib/openafs/local/NetInfo\fR file if it exists, or from the list of interfaces configured with the operating system otherwise. The File Server then removes from the list any addresses that appear in the \&\fINetRestrict\fR file, if it exists. The File Server records the resulting list in the \fI/var/lib/openafs/local/sysid\fR file and registers the interfaces in the \s-1VLDB.\s0 The database server processes use a similar procedure when initializing, to determine which interfaces to use for communication with the peer processes on other database machines in the cell. .PP To display the File Server interface addresses registered in the \s-1VLDB,\s0 use the \fBvos listaddrs\fR command. .SH "EXAMPLES" .IX Header "EXAMPLES" If the File Server should not use the \s-1IP\s0 address 192.168.1.1 on one of its private interfaces, then the \fINetRestrict\fR file should contain the following: .PP .Vb 1 \& 196.168.1.1 .Ve .PP In order to prevent the usage of any 192.168/16 addresses on its local interfaces, the \fINetRestrict\fR file should contain: .PP .Vb 1 \& 196.168.0.0/16 .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBNetInfo\fR\|(5), \&\fBsysid\fR\|(5), \&\fBvldb.DB0\fR\|(5), \&\fBfileserver\fR\|(8), \&\fBfs_getclientaddrs\fR\|(1) \&\fBvos_listaddrs\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.