combine "allow unknown-clients" with "deny all clients"
Simon Hobson
dhcp1 at thehobsons.co.uk
Sat Oct 10 16:48:51 UTC 2009
Chuck Anderson wrote:
>Is it safe to combine "allow unknown-clients" with "deny all clients"
>in a pool declaration? I just discovered that "known-clients" appears
>to only apply to host declarations.
Correct
>MAC addresses defined in subclass
>declarations don't match "known-clients". So, instead of:
>
>pool {
> deny known-clients;
> allow unknown-clients;
>}
>
>which still allows MACs defined in subclasses into the pool, I'd like
>to do this instead:
>
>pool {
> deny all clients;
> allow unknown-clients;
>}
IFF it works as expected, then any client not "known" (i.e. without a
matching host statement) will still be allowed regardless of its
membership of any classes. In any case, simply allowing any group of
clients implicitly denies any that don't match - so that is
equivalent to:
pool {
 allow unknown-clients;
}
>Will this work? I don't want any known clients at all, whether
>defined in "host" declarations or "subclass" declarations, to be
>allowed into this pool, only genuinely unknown clients.
As above, probably not.
>If the above won't work, does anyone have suggestions on how to make
>this work. I could use:
>
>deny members of "class1";
>deny members of "class2";
>deny members of "class3";
>
>etc. but that seems a pain if you have many classes, not all of which
>will be known ahead of time.
Not sure if you can define a class along the lines of:
class "strangers" {
 match if ( not a member of "a" and not a member of "b" ...)
}
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
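
Added example, not part of the original post: the per-class `deny members of` list mentioned in the question can be generated from the class and subclass declarations instead of being maintained by hand. The sample configuration and the function names `class_names` and `deny_lines` are constructed for illustration; the output is meant to be pasted into the pool declaration.

```python
import re

# Constructed sample dhcpd.conf fragment (not from the original post).
SAMPLE_CONF = '''
class "class1" { match hardware; }
class "class2" {
    match hardware;
}
# class "retired" { match hardware; }
subclass "class1" 1:00:11:22:33:44:55;
subclass "class2" 1:00:11:22:33:44:66;
subclass "class3" 1:00:11:22:33:44:77;  # parent class lives in another file
'''

# A declaration is recognised only at the start of a line, so lines that
# begin with '#' (commented-out declarations) are never matched.
DECL_RE = re.compile(r'^\s*(?:sub)?class\s+"([^"]+)"')


def class_names(conf_text):
    """Return class names, in first-seen order, from class/subclass lines."""
    names = []
    for line in conf_text.splitlines():
        m = DECL_RE.match(line)
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names


def deny_lines(names, indent=" "):
    """Render one 'deny members of' permit statement per class name."""
    return "\n".join(f'{indent}deny members of "{n}";' for n in names)


if __name__ == "__main__":
    # Print the statements for the constructed sample configuration.
    print(deny_lines(class_names(SAMPLE_CONF)))
```

Regenerating the list whenever a class is added keeps a newly defined class from silently gaining access to the pool.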