[OpenAFS] NetRestrict
Derrick J Brashear
shadow@dementia.org
Wed, 14 Mar 2007 10:09:54 -0400 (EDT)
On Wed, 14 Mar 2007, Steve Devine wrote:
> Derrick J Brashear wrote:
>> On Wed, 14 Mar 2007, Steve Devine wrote:
>>
>>> Environment:
>>> Volserver is OpenAFS 1.4.2 built 2007-02-19
>>> OS is Suse 10.2
>>> Server has an Iscsi enclosure on a private ip address (192.168.0.9)
>>> I put NetRestrict file in place in /usr/afs/local/
>>> inside file I put one line "192.168.0.255" Hoping to cover entire subnet.
>>
>> It doesn't work that way.
>> I must have read this wrong then:
> The *NetRestrict* file is in ASCII format. One IP address appears on each
> line, in dotted decimal format. The order of the addresses is not
> significant. The value *255* is a wildcard that represents all possible
> addresses in that field. For example, the value *192.12.105.255* indicates
> that the Cache Manager does not register any of the addresses in the
> *192.12.105* subnet.
I'll reread the code later, but I don't remember that piece of code. I was
in that code in the last month, literally, because it turns out the fake
ip address support doesn't actually work correctly if you also have a
NetRestrict file.