To add some filter rules in conf file

Wed Oct 21 07:06:26 UTC 2009

Ashmath Khan wrote:

>Thanks Bruce. This is a bit tricky as I mentioned before.

No it's not tricky at all !

>Consider this:
>
>I want to drop clients if its option 60 has the string "VIP".
>so I have a class:
>class "VIP" { match if substring(option 60, 0,3) = "VIP"; }
>later I have other classes... etc
>then I have the pool:
>pool {
>.... dummy..
>deny members of "VIP";
>}
>later other pools etc.
>
>Now, suppose, there is incoming packet from client which has option 
>60 and string "VIP". It doesn't match the first pool. But there is a 
>chance that it could match other pools and that pool is assigned, 
>there is no break or exit here.

Have you been reading at all ? If you use "deny members of ..." then 
you implicitly allow ALL clients that DON'T match that class.

Lets take this in steps, suppose you actually did want to give 
addresses to members of VIP, you'd do this :
pool {
   allow members of "VIP";
   range a.b.c.1 a.b.c.10;
}
No other client would be allows to use these addresses, and assuming 
you've followed through and made all pools conditional on class 
membership as discussed, members of VIP would not be allowed to use 
any other pool.

Follow me so far ?

Now look what happens if we remove the range statement :
pool {
   allow members of "VIP";
}
Again, members of VIP are only allowed to use this pool - but look, 
there aren't any addresses available for them to use. The server will 
log "no free leases" and the client won't get an address. Ie, exactly 
what you've asked for.

Now, this is actually rather redundant, so you can simply omit the 
pool declaration altogether and members of VIP will still not be able 
to get a lease.

But one other thing - this doesn't mean that those clients can't use 
your network. It only means they won't get an address automatically - 
it won't stop someone manually configuring a client.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.