Configure dhclient to check value of DHCP options

Wed Jul 22 16:41:44 UTC 2009

Hi Jon,
I'm not quite sure about the RFC compatibility, I'm sure there're quite a
lot of people on this list who knows more about that :)
Please let me know the results,
Regards,

On Wed, Jul 22, 2009 at 6:56 AM, Jon Smaller <jesterx at gmail.com> wrote:

> Hi Abd,
> Thanks a lot for this patch, it looks like just what i am after ... i will
> give it a go! Just as a tiny aside, Is this going against the RFC in anyway?
>
>
> On Tue, Jul 21, 2009 at 11:22 PM, Abd4llA <abd4lla at ahmedabdalla.net>wrote:
>
>> Hi,
>> I was facing the same situation in my company last week, so I had to
>> create the attached patch for dhcp-4.1.0p1.
>> The patch allows you to specify in the dhclient.conf to require a specific
>> option be sent with a specific value.
>> The require statement is as follows:
>>
>> require [<option_name> , ] [option <option_name> <value> , ] .... ;
>> so for example:
>> require option vendor-encapsulated-options "ISC";
>> or
>> require time-offset, option vendor-encapsulated-options "ISC";
>>
>> I'm gonna post this patch to the dhcp-hackers mailing list.
>>
>>
>> On Tue, Jul 21, 2009 at 10:22 AM, Sten Carlsen <stenc at s-carlsen.dk>wrote:
>>
>>> How about using a number of uncommon options? It would be strange that
>>> "some" other server could give out a number of unusual  options.
>>>
>>> You could even define your very own  option that nobody else would know
>>> about.
>>>
>>> I can't tell you how but somebody else will be able to.
>>>
>>>
>>> Jon Smaller wrote:
>>> > Hi Alan,
>>> >
>>> > That approach would work but would involve having firewall rules on
>>> > each of the boxes ... And for different installations of our
>>> > monitoring solution, the main DHCP server would have different ip
>>> > addresses, thus increasing the configuration complexity of the
>>> > individual boxes (I intend to have a large number of these monitoring
>>> > boxes in the field).
>>> >
>>> > Also were the IP/NIC of the main server to change, then we would have
>>> > to manually reconfigure the firewall rules on each of these boxes,
>>> > which could number in the hundreds.
>>> >
>>> > Jon
>>> >
>>> >
>>> >
>>> > On 20/07/2009, at 6:58 PM, A.L.M.Buxey at lboro.ac.uk wrote:
>>> >
>>> >> Hi,
>>> >>
>>> >> you know your servers - their IP and MAC addresses - so just stick
>>> >> a host-based firewall (eg iptables for linux) onto your box
>>> >> and configure it to only allow DHCP to pass through from your
>>> >> boxes?
>>> >>
>>> >> alan
>>> >> _______________________________________________
>>> >> dhcp-users mailing list
>>> >> dhcp-users at lists.isc.org
>>> >> https://lists.isc.org/mailman/listinfo/dhcp-users
>>> > _______________________________________________
>>> > dhcp-users mailing list
>>> > dhcp-users at lists.isc.org
>>> > https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>> --
>>> Best regards
>>>
>>> Sten Carlsen
>>>
>>> No improvements come from shouting:
>>>
>>>       "MALE BOVINE MANURE!!!"
>>>
>>> _______________________________________________
>>> dhcp-users mailing list
>>> dhcp-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>>
>>
>>
>>
>> --
>> Ahmed Abdalla
>> Software Engineer
>> Sun Team.
>>
>> Thebe Technology. Egypt - Belgium
>> 16 Nehro St. Heliopolis. Cairo
>> Egypt.
>>
>> http://www.sun.com/software/q-layer/
>> http://www.thebetechnology.com
>>
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>

-- 
Ahmed Abdalla
Software Engineer
Sun Team.

Thebe Technology. Egypt - Belgium
16 Nehro St. Heliopolis. Cairo
Egypt.

http://www.sun.com/software/q-layer/
http://www.thebetechnology.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20090722/b6f22fc1/attachment.html>