## Controlling AFS Access using IP Addresses. A common mistake is to put the IP address directly on a directory's ACL. As is explained in this [thread](https://lists.openafs.org/pipermail/openafs-info/2002-February/003292.html), that doesn't work. You need to create a group and put the IP addresses in there. The user should be warned that IP addresses can be spoofed relatively easily. See also [http://www.transarc.ibm.com/Support/afs/admin/IP\_acls.html](http://www.transarc.ibm.com/Support/afs/admin/IP_acls.html) -- [[TedAnderson]] - 07 Feb 2002 From Joseph H Vilas < > to [OpenAFS](https://www.openafs.org/pipermail/openafs-info/2003-February/008151.html) on 25-Feb-2003: I got tired of figuring this out and explaining it, so I wrote: As Ruby pointed out, it's not so secure as it could be, but it may be adequate for some applications. BTW, I'd appreciate any feedback on the document folks might have. Joe -- [[TedAnderson]] - 26 Feb 2003 IP-based ACL or ACLs is a common term for this. Hopefully this note makes the wiki search find this page for the next person who is looking. -- [[DanPritts]] - 21 Oct 2003