How to restrict Windows XP DHCP clients to a specific subnet?

Ole Holm Nielsen Ole.H.Nielsen at fysik.dtu.dk
Thu Feb 13 14:55:16 UTC 2014


Simon Hobson dhcp1 at thehobsons.co.uk wrote:
> Where you use an allow clause, anything not specifically allowed is denied, so you can do:
>   pool {
>     allow members of "tom";
>     allow members of "dick";
>     allow members of "harry";
>     range ...;
>   }
> which will allow members of those classes but nothing else.
>
> Do not be tempted to mix allow and deny - it doesn't work as most people would expect, it's been explained just how it does work a few times, but I can't remember. Simplest advice is "just don't" as it's not likely to give the result you expect.

I've been testing this now, and unfortunately it seems that you're 
right!  Mixing allow/deny statements within a pool breaks completely any 
logic which I can see.

Where might this strange allow/deny behavior be documented?  The DHCP 
Handbook 2nd ed. discusses on p. 344 various allow and deny statements, 
but has nothing to say about mixing them.

The dhcpd.conf man-page (ISC dhcp 4.1.1 that comes with RHEL 6.5) says 
quite the opposite from what you have explained:
> If both permit and deny lists exist for a pool, then only clients that match the permit list and do not match the deny list will be allowed access.

Confusion is apparently abundant!

-- 
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
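
A configuration check that follows the "just don't mix them" advice quoted above, flagging any pool whose permit list contains both allow and deny statements (added example, not part of the original post and not ISC DHCP code; the sample configuration, its addresses and the function names are constructed for illustration):

```python
import re

# Constructed sample configuration (not from the original post); class names
# follow the quoted snippet, addresses are from a documentation range.
SAMPLE_CONF = '''
subnet 192.0.2.0 netmask 255.255.255.0 {
  pool {
    allow members of "tom";
    allow members of "dick";
    range 192.0.2.10 192.0.2.50;
  }
  pool {
    allow members of "harry";
    deny unknown-clients;   # mixed with the allow above
    range 192.0.2.60 192.0.2.90;
  }
}
'''

def strip_comments(text):
    """Drop '#' comments, leaving quoted strings alone."""
    return re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", text)

def find_pools(text):
    """Yield (line_number, body) for each 'pool { ... }' block."""
    text = strip_comments(text)
    for m in re.finditer(r'\bpool\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.start()) + 1, text[m.end():i - 1]

def lint_pools(text):
    """Return one finding per pool: (line, kind, permit statements)."""
    findings = []
    for line, body in find_pools(text):
        stmts = re.findall(r'\b(allow|deny)\s+([^;]+);', body)
        kinds = {k for k, _ in stmts}
        kind = "mixed" if len(kinds) == 2 else (kinds.pop() if kinds else "open")
        findings.append((line, kind, [f"{k} {v.strip()}" for k, v in stmts]))
    return findings

if __name__ == "__main__":
    for line, kind, stmts in lint_pools(SAMPLE_CONF):
        print(f"line {line}: {kind:5} {stmts}")
```

A pool reported as "mixed" is one to rewrite with allow statements only; a pool reported as "open" has no permit list at all.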

