To add some filter rules in conf file
Simon Hobson
dhcp1 at thehobsons.co.uk
Mon Oct 19 18:21:41 UTC 2009
Quoting (especially top posting) fixed !
Ashmath Khan wrote:
>>I do have one last idea, though if it will work or not I don't
>>know. If you check "man dhcp-eval" you'll find there is an "if ...
>>elseif ... else" mechanism. I could see the possibility of using
>>this to set a variable to say how far a client matched your
>>sequential list of tests - so you could drop out the test with a
>>variable set to "r1", "r2" etc. Then configure your classes with
>>match if <somevariable> = "r1" and so on.
>Sorry, I can't make out much from this.
OK, taking the example given by Jeff Haran :
rule 1: If it's red, use the red pool, else
rule 2: If it's fat, use the fat pool, else
rule 3: If it's tall, use the tall pool, else
rule 4: Use the cold pool
You'd express this in terms of :
If it's Red, then set kind:=red
Elseif it's fat, then set kind:=fat
Elseif it's tall, then set kind:=tall
Else, set kind:=cold
Then you'd have classes like this :
Class "red" { match if kind="red" ; ...}
Class "fat" { match if kind="fat" ; ...}
Class "tall" { match if kind="tall" ; ...}
Class "cold" { match if kind="cold" ; ...}
You now have four classes that are mutually exclusive and so you just
have to "allow member of ..." a single class in each pool.
It's not something I've ever tried. I'd hope that the expression and
conditionals would be evaluated before evaluating the class
memberships - if not then it can't ever hope to work.
>>Finally - what are you actually trying to achieve ?
>Let me point you to the initial post I sent to this list:
>https://lists.isc.org/pipermail/dhcp-users/2009-September/009879.html
>Basically I want to filter clients based on some rules and the
>actions would be to either assign some pools to them or ignore those
>clients. If a rule is met I don't evaluate further rules. Hope it's
>clear now!
>Here's an example:
>rule 1 type dhcp-option
>rule 1 dhcp-option 60
>rule 1 match-str "*VIP*"
>rule 1 match-action discard
>rule 1 absent-action continue
>rule 2 type dhcp-option
>rule 2 dhcp-option 60
>rule 2 match-str "*"
>rule 2 match-action pass
>rule 2 match-pool 192.168.1.100
>rule 2 match-option-group ""
>rule 2 absent-action continue
>etc
Sorry, but I'm no wiser as to what the objective is. It's an
incredibly complex set of requirements and I can't recall anyone else
ever coming to the list with anything quite like it. You're telling
us how you want to achieve something, but I cannot see what it is
that you want to achieve.
>Also from dhcpd.conf:
>"
>If both permit and deny lists exist for a pool,
> then only clients that match the permit list and do not match the deny
> list will be allowed access.
>"
>So it says we can mix allow and deny statements.
I didn't say you can't, but it's general advice to avoid mixing them
- it seems to be a good source of confusion as people will still read
a list of allow/deny statements and still think in terms of a linear
"match first" operation. If that happens then the results won't be as
expected.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
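
An added example, not part of the original message and not ISC DHCP code: a small Python model of the two evaluation orders discussed above, the first-match if/elsif/else chain that yields exactly one `kind`, and the pool rule quoted from dhcpd.conf where a client must match the permit list and not the deny list. The client attributes, the pool statements and all function names are constructed for illustration.

```python
# Added illustration; a model of the semantics, not ISC dhcpd code.
# Attribute names, class names and pool statements are constructed.

def classify(client):
    """First-match chain: rule order decides and exactly one kind results."""
    if client.get("red"):
        return "red"
    elif client.get("fat"):
        return "fat"
    elif client.get("tall"):
        return "tall"
    return "cold"

def pool_allows(classes, statements):
    """Pool rule quoted from dhcpd.conf: with both lists present the client
    must match the permit list and must not match the deny list. The order
    in which the allow/deny lines are written plays no part."""
    permit = {name for action, name in statements if action == "allow"}
    deny = {name for action, name in statements if action == "deny"}
    if permit and not (classes & permit):
        return False
    return not (classes & deny)

def first_match_reading(classes, statements):
    """The linear 'match first' misreading: the first statement naming one
    of the client's classes decides, later lines are never consulted."""
    for action, name in statements:
        if name in classes:
            return action == "allow"
    return False

def compare(classes, statements):
    """Return (actual pool result, result under the match-first misreading)."""
    return pool_allows(classes, statements), first_match_reading(classes, statements)

POOL = [("allow", "red"), ("deny", "fat")]   # constructed pool statements
CLIENT = {"red": True, "fat": True}          # constructed client: red and fat

if __name__ == "__main__":
    # Overlapping classes: the client is a member of both "red" and "fat".
    overlapping = {k for k, v in CLIENT.items() if v}
    print("overlapping classes :", compare(overlapping, POOL))
    # Mutually exclusive classes: the chain puts the client in one class only.
    print("exclusive kind class:", compare({classify(CLIENT)}, POOL))
```

With overlapping classes the two readings disagree (the pool rule refuses the client, the match-first reading admits it); once the chain has reduced membership to a single class they agree.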