Configure file storage access for specific IP addresses or subnets

You can configure file storage access for:

• all IP addresses of the private subnet where the storage is located;
• specific IP addresses;
• other private subnets.

To configure file storage access, you need to add rules or delete rules. You can select a specific access level for each rule. Rules can be added:

• when creating file storage;
• or for an existing file storage.

Access levels

Depending on the file storage protocol, you can assign an access level to the storage:

• for CIFS SMBv3 — read and write (rw);
• for NFSv4 — read only (ro), read and write (rw).

Add rule

For your information

A new access rule list for file storages with the NFSv4 protocol is applied within 15 minutes after adding or deleting rules.

Rules are applied in the order they appear in the list — from top to bottom:

• a rule for access to storage from any IP address in a private subnet (0.0.0.0/0);
• access rules from private subnets (e.g., 192.168.0.0/29);
• access rules from specific IP addresses (e.g., 192.168.0.10).

note

For example, if the rules 0.0.0.0/0, 192.168.0.0/29, 192.168.0.1 are added, access to the storage will be granted from any IP address in the private subnet.

Control panel

1. In the Control panel, on the top menu, click Products and select File Storage.

2. Open the file storage page → Access Rules tab.

3. Click + Add Rule.

4. Enter an IP address or the CIDR of the private subnet.

5. Select an access level.

6. Optional: enter a comment for the rule.

7. Click Save.

8. Optional: to add an additional rule, click + Add Rule.

OpenStack CLI

1. Open the OpenStack CLI.

2. Create an access rule:

openstack share access create <share> ip <ip_address> --access-level ro

Specify:

• <share> — name or ID of the file storage. You can view the list of file storages using the command openstack share list;
• <ip_address> — IP address or CIDR of the subnet to which you want to grant access to the file storage;
• optional: --access-level ro — access level to file storage with NFSv4 protocol, read-only. If you do not specify the parameter, the default value is rw — read and write access.

Delete rule

For your information

A new access rule list for file storages with the NFSv4 protocol is applied within 15 minutes after adding or deleting rules.

Control panel

1. In the Control panel, on the top menu, click Products and select File Storage.

2. Open the file storage page → Access Rules tab.

3. In the rule row, click .

4. Click Delete.

OpenStack CLI

1. Open the OpenStack CLI.

2. Delete an access rule:

openstack share access delete <share> <rule_id>

Specify:

• <share> — name or ID of the file storage. You can view the list of file storages using the command openstack share list;
• <rule_id> — access rule ID. You can view the list of rules using the command openstack share access list.