# :DEFAULT: [all of the default options except volume name]
# path [name] [casefold:x] [options:z,l,j] \
# [allow:a,@b,c,d] [deny:a,@b,c,d] [dbpath:path] [password:p] \
-# [rwlist:a,@b,c,d] [rolist:a,@b,c,d] [limitsize:value in bytes]\
-# [preexec:cmd] [root_preexec:cmd] [postexec:cmd] [root_postexec:cmd]
-#
-#
-# name: volume name. it can't include the ':' character and is limited
-# to 27 characters in length.
+# [rwlist:a,@b,c,d] [rolist:a,@b,c,d] [limitsize:value in bytes] \
+# [preexec:cmd] [root_preexec:cmd] [postexec:cmd] [root_postexec:cmd] \
+# [allowed_hosts:IPv4 address[/IPv4 netmask bits]] \
+# [denied_hosts:IPv4 address[/IPv4 netmask bits]] \
+#
+# name: volume name. it can't include the ':' character
#
# variable substitutions:
# you can use variables for both <path> and <name> now. here are the
# allow/deny/rwlist/rolist format [syntax: allow:user1,@group]:
# user1,@group,user2 -> allows/denies access from listed users/groups
# rwlist/rolist control whether or not the
-# volume is ro for those users.
+# volume is ro for those users.
+# allowed_hosts -> Only listed hosts and networks are allowed,
+# all others are rejected. Example:
+# allowed_hosts:10.1.0.0/16,10.2.1.100
+# denied_hosts -> Listed hosts and nets are rejected,
+# all others are allowed. Example:
+# denied_hosts: 192.168.100/24,10.1.1.1
# preexec -> command to be run when the volume is mounted,
# ignore for user defined volumes
# root_preexec -> command to be run as root when the volume is mounted,
# ignore for user defined volumes
-# postexec -> command to be run when the volume is closed,
+# postexec -> command to be run when the volume is closed,
# ignore for user defined volumes
-# root_postexec -> command to be run as root when the volume is closed,
+# root_postexec -> command to be run as root when the volume is closed,
# ignore for user defined volumes
#
# codepage options [syntax: options:charsetname]
-# volcharset -> specifies the charset to be used as the volume codepage
-# e.g. "UTF8", "UTF8-MAC", "ISO-8859-15"
-# maccharset -> specifies the charset to be used as the mac client codepage
-# e.g. "MAC_ROMAN", "MAC_CYRILLIC"
+# volcharset -> specifies the charset to be used as the volume codepage
+# e.g. "UTF8", "UTF8-MAC", "ISO-8859-15"
+# maccharset -> specifies the charset to be used as the mac client codepage
+# e.g. "MAC_ROMAN", "MAC_CYRILLIC"
+#
+# perm -> default permission value OR with the client requested perm
+# dperm -> default permission value for directories OR with the client
+# requested perm
+# fperm -> default permission value for filesOR with the client
+# requested perm
#
# miscellaneous options [syntax: options:option1,option2]:
+# tm -> enable TimeMachine support
# prodos -> make compatible with appleII clients.
# crlf -> enable crlf translation for TEXT files.
# noadouble -> don't create .AppleDouble unless a resource
# ro -> mount the volume as read-only.
# mswindows -> enforce filename restrictions imposed by MS
# Windows. this will also invoke a default
-# codepage (iso8859-1) if one isn't already
-# specified.
-# nohex -> don't do :hex translations for anything
-# except dot files. specify usedots as well if
-# you want that turned off. note: this option
-# makes the / character illegal.
+# codepage (iso8859-1) if one isn't already
+# specified.
+# nohex -> don't do :hex translations for anything
+# except dot files. specify usedots as well if
+# you want that turned off. note: this option
+# makes the / character illegal.
# usedots -> don't do :hex translation for dot files. note: when
# this option gets set, certain file names
-# become illegal. these are .Parent and
-# anything that starts with .Apple.
+# become illegal. these are .Parent and
+# anything that starts with .Apple.
# invisibledots -> don't do :hex translation for dot files. note: when
# this option gets set, certain file names
-# become illegal. these are .Parent and
-# anything that starts with .Apple. also, dot
-# files created on the unix side are marked invisible.
+# become illegal. these are .Parent and
+# anything that starts with .Apple. also, dot
+# files created on the unix side are marked invisible.
# limitsize -> limit disk size reporting to 2GB. this is
# here for older macintoshes using newer
# appleshare clients. yucko.
# volume being mounted.
# nostat -> don't stat volume path when enumerating volumes list
# upriv -> use unix privilege.
-# perm -> default permission value OR with the client requested perm
-#
-#
+# illegalseq -> encode illegal sequence in filename asis, ex "\217-", which is not
+# a valid SHIFT-JIS char, is encoded as U\217 -
+# acls -> Enable ACLs on this volume. Requires a NFSv4 ACLs
+# compatible filesystem (e.g. ZFS) and an ACL API
+# compatible to *Solaris. In other words: this requires
+# Solaris, Opensolaris or a derived distribution.
+# nocnidcache -> Don't store and read CNID to/from AppleDouble file.
+# This should not be used as it also prevents a CNID
+# database rebuild with `dbd`!
+
# dbpath:path -> store the database stuff in the following path.
# password:password -> set a volume password (8 characters max)
# cnidscheme:scheme -> set the cnid scheme for the volume, default is [:DEFAULT_CNID_SCHEME:]