NFS: share with all clients except one

I don't know of any NFS server that accepts negative patterns in the exports file.

You can use netmasks to cover several clients at once if you're listing IP addresses (you can't use wildcard patterns for IP addresses). For example the following line matches 192.168.1.* except 192.168.1.24. Yes, it's tedious.

/opt/resources 192.168.1.0/28(rw,async) 192.168.1.16/29(rw,async) 192.168.1.25(rw,async) 192.168.1.26/31(rw,async) 192.168.1.28/30(rw,async) 192.168.1.32/27(rw,async) 192.168.1.64/26(rw,async) 192.168.1.128/25(rw,async)

You can avoid cluttering the exports file and possibly duplication by using a NIS netgroup. However, in the netgroup file you will need to list all hosts in all lists.

If you can't find a satisfactory way to describe the access lists for each exported tree, you may want to automatically generate the hosts or netgroup file.
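The netmask decomposition in the exports line above can be generated instead of typed by hand. The following is an added example, not part of the original answer; it uses Python's standard ipaddress module, and the function names are hypothetical.

```python
import ipaddress


def allowed_networks(network, excluded):
    """Return the minimal CIDR blocks covering `network` minus `excluded`."""
    remaining = [ipaddress.ip_network(network)]
    for item in excluded:
        hole = ipaddress.ip_network(item)  # a bare address parses as a /32
        kept = []
        for net in remaining:
            if not net.overlaps(hole):
                kept.append(net)                       # untouched block
            elif hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around the hole
            # else: the block lies entirely inside the hole, so drop it
        remaining = kept
    # collapse_addresses sorts the blocks and merges any adjacent ones
    return list(ipaddress.collapse_addresses(remaining))


def exports_line(path, network, excluded, options="rw,async"):
    """Format one /etc/exports line; single hosts are written without /32."""
    clients = []
    for net in allowed_networks(network, excluded):
        if net.prefixlen == net.max_prefixlen:
            spec = str(net.network_address)
        else:
            spec = str(net)
        clients.append(f"{spec}({options})")
    return f"{path} " + " ".join(clients)


if __name__ == "__main__":
    # Values taken from the answer above: export to 192.168.1.* except .24
    print(exports_line("/opt/resources", "192.168.1.0/24", ["192.168.1.24"]))
```

Regenerate the line whenever the excluded set changes and run `exportfs -ra` afterwards so the server rereads the exports file.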


AFAIK, NFS does not have any option to deny a specified client (because if a client is not listed in an exports entry, it cannot access the shared resource).

In your case, I think you can use hosts.deny to deny a client access to the NFS share. Add a line to /etc/hosts.deny:

portmap:192.168.1.24

This, of course, is not a perfect solution, because the client which is listed in /etc/hosts.deny cannot access any other shared resources on the NFS server.