[OpenAFS] NetRestrict

Steve Devine sdevine@msu.edu
Wed, 14 Mar 2007 11:58:50 -0400

Derrick J Brashear wrote:
> On Wed, 14 Mar 2007, Steve Devine wrote:
>> Derrick J Brashear wrote:
>>> On Wed, 14 Mar 2007, Steve Devine wrote:
>>>> Environment:
>>>> Volserver is OpenAFS 1.4.2 built  2007-02-19
>>>> OS is Suse 10.2
>>>> Server has an Iscsi enclosure on a private ip address (
>>>> I put NetRestrict file in place in /usr/afs/local/
>>>> inside file I put one line "" Hoping to cover entire 
>>>> subnet.
>>> It doesn't work that way.
>>> I must have read this wrong then:
>> The *NetRestrict* file is in ASCII format. One IP address appears on 
>> each line, in dotted decimal format. The order of the addresses is 
>> not significant. The value *255* is a wildcard that represents all 
>> possible addresses in that field. For example, the value 
>> ** indicates that the Cache Manager does not register 
>> any of the addresses in the *192.12.105* subnet.
> I'll reread the code later, but I don't remember that piece of code. I 
> was in that code in the last month, literally, because it turns out 
> the fake ip address support doesn't actually work correctly if you 
> also have a NetRestrict file.

> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

Further Developments.
With a NetRestrict File in place you can list IP's to restrict like so:

And this works .. which is really all I want. This way I can make one 
file to go on many servers.
The NetInfo file is not required but it is best to delete the sysid file 
before starting the bosserver. This insures that the
server you want registered in the vldb gets registered.

Steve Devine
Storage Systems
Academic Computing & Network Services
Michigan State University

506 Computer Center
East Lansing, MI 48824-1042

Baseball is ninety percent mental; the other half is physical.
- Yogi Berra