NETRESTRICT(5) AFS File Reference NETRESTRICT(5)NAMENetRestrict - Defines interfaces not to register with AFS servers
DESCRIPTION
There are two NetRestrict files, one for an AFS client and one for an
AFS File Server or database server. The AFS client NetRestrict file
specifies the IP addresses that the client should not register with the
File Servers it connects to. The server NetRestrict file specifies
what interfaces should not be registered with AFS Database Servers or
used to talk to other database servers.
FORMAT
The NetRestrict file is in ASCII format. One IP address appears on each
line, in dotted decimal format. The order of the addresses is not
significant. There is currently no mechanism to specify a range of
addresses or a wildcard; each IP address must be listed individually.
Client NetRestrict
The NetRestrict file, if present in a client machine's /usr/vice/etc
directory, defines the IP addresses of the interfaces that the local
Cache Manager does not register with a File Server when first
establishing a connection to it. For an explanation of how the File
Server uses the registered interfaces, see NetInfo(5).
As it initializes, the Cache Manager constructs a list of interfaces to
register, from the /usr/vice/etc/NetInfo file if it exists, or from the
list of interfaces configured with the operating system otherwise. The
Cache Manager then removes from the list any addresses that appear in
the NetRestrict file, if it exists. The Cache Manager records the
resulting list in kernel memory.
The NetRestrict file is in ASCII format. One IP address appears on each
line, in dotted decimal format. The order of the addresses is not
significant.
To display the addresses the Cache Manager is currently registering
with File Servers, use the fs getclientaddrs command.
Server NetRestrict
The NetRestrict file, if present in the /usr/afs/local directory,
defines the following:
· On a file server machine, the local interfaces that the File Server
(fileserver process) does not register in the Volume Location
Database (VLDB) at initialization time.
· On a database server machine, the local interfaces that the Ubik
synchronization library does not use when communicating with the
database server processes running on other database server
machines.
As it initializes, the File Server constructs a list of interfaces to
register, from the /usr/afs/local/NetInfo file if it exists, or from
the list of interfaces configured with the operating system otherwise.
The File Server then removes from the list any addresses that appear in
the NetRestrict file, if it exists. The File Server records the
resulting list in the /usr/afs/local/sysid file and registers the
interfaces in the VLDB. The database server processes use a similar
procedure when initializing, to determine which interfaces to use for
communication with the peer processes on other database machines in the
cell.
To display the File Server interface addresses registered in the VLDB,
use the vos listaddrs command.
SEE ALSONetInfo(5), sysid(5), vldb.DB0(5), fileserver(8), fs_getclientaddrs(1)vos_listaddrs(1)COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
OpenAFS 2013-10-09 NETRESTRICT(5)