I have written a patch to afpd that adds a new option that gives network
access controls on a per-volume basis.
Example: AppleVolume.default
/mnt/VolGroup00/data1 "PrivateData" allowed_hosts:192.168.1.10,192.168.10.0/24 denied_hosts:192.168.10.6
/mnt/VolGroup00/dat2 "PublicData"
My reason for writing this is that the openfiler NAS system has radio buttons to allow access on a per-share, per-network basis. I figure that the only way the openfiler developers will include AFP support in their product is if AFP provides the same level of control.
This diff is against cvs.
Please let me know if you have any questions or concerns with my patch. I hope you find my effort useful.
cvs patch
Thanks for contributing!
AFAICS the current denied_hosts semantics will only recognize single hosts, right?
It should be consistent with allowed_hosts which supports netmasks.
Nope. I just gave a bad example. The code for allowed_hosts and denied_hosts is the same. I just treat the return code differently. It's the same return code handling as allowed: and denied: for user access.
Semantics for the doc:
allowed_hosts: only listed hosts and networks are allowed, all others are rejected
denied_hosts: listed hosts and nets are rejected, all others are allowed
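The allowed_hosts and denied_hosts semantics stated above, written out as an added C example; this is not the submitted patch or netatalk code. The function names are hypothetical, only IPv4 is handled, and applying both options to one volume as "must match allowed_hosts, then must not match denied_hosts" is an assumption based on the AppleVolume.default example in the first post.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Match one entry ("a.b.c.d" or "a.b.c.d/bits") against ip (host byte order).
 * The entry is modified in place; a malformed entry never matches. */
static int entry_matches(char *entry, uint32_t ip)
{
    struct in_addr net;
    long bits = 32;
    char *end, *slash = strchr(entry, '/');
    if (slash) {
        *slash = '\0';
        bits = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || bits < 0 || bits > 32)
            return 0;
    }
    if (inet_pton(AF_INET, entry, &net) != 1)
        return 0;
    uint32_t mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
    return (ip & mask) == (ntohl(net.s_addr) & mask);
}

/* Return 1 if client matches any entry of the comma-separated list. */
static int host_in_list(const char *list, const char *client)
{
    struct in_addr addr;
    char entry[32];
    if (inet_pton(AF_INET, client, &addr) != 1)
        return 0;
    for (size_t n; *list; list += n + (list[n] == ',')) {
        n = strcspn(list, ",");
        if (n == 0 || n >= sizeof(entry))
            continue;               /* skip empty or oversized entries */
        memcpy(entry, list, n);
        entry[n] = '\0';
        if (entry_matches(entry, ntohl(addr.s_addr)))
            return 1;
    }
    return 0;
}

/* Return 1 if client may access the volume; NULL means the option is unset. */
int volume_allows(const char *allowed, const char *denied, const char *client)
{
    if (allowed && !host_in_list(allowed, client))
        return 0;   /* allowed_hosts: clients not listed are rejected */
    return !(denied && host_in_list(denied, client)); /* denied_hosts: listed clients are rejected */
}
```

In this sketch a malformed entry never matches, which fails closed for allowed_hosts but open for denied_hosts, so entries are best validated when the volume file is parsed.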
Commit to HEAD. Merge to 2.0 branch still pending.
Commit to branch 2.0.
To do: man page.