Network and Storage Protocols

fpolicy file extension control



I would like to limit user to store some file extension (just like mp3, etc). I find the solution is to use fpolicy by CLI but how to do it? Any other alternative like WebGUI to manage it? Is it apply all CIFS volume or dedicate volume/qtree?



here is an example of creating a native block.... I use doc and pdf as the extensions which wouldn't be typical...just for an example of multiple extensions..

fas3170*> options fpol
fpolicy.enable               on
fpolicy.i2p_ems_interval     60

fas3170*> fpolicy create nativeblock screen
File policy nativeblock created successfully.

fas3170*> fpolicy ext inc set nativeblock doc,pdf

fas3170*> fpolicy options nativeblock required on

fas3170*> fpolicy monitor set nativeblock -p cifs,nfs create,rename
Warning: User requests may be denied because there are no file screening servers registered with the filer. Are you sure? yes

fas3170*> fpolicy enable nativeblock -f
Mon Mar 16 14:35:00 PDT last message repeated 2 times
Mon Mar 16 14:37:44 PDT [fas3170: fpolicy.fscreen.enable:info]: FPOLICY: File policy nativeblock (file screening) is enabled.
File policy nativeblock (file screening) is enabled.

All volumes are on by default... to turn on/off a volume... see below to turn off for a volume...

fas3170*> fpolicy vol exc set nativeblock test

fas3170*> fpolicy vol inc show nativeblock
List of volume specifications to screen:
List empty - All volumes are being monitored.

fas3170*> fpolicy vol exc show nativeblock
List of volume specifications not to screen:


how do I block *.catpart and *.igs from saving to my filers using fpolicy? I run ontab 8.1.3