always use deny (was: How does DHCPD determine what IP address to assign and...)
Keith Neufeld
Keith.Neufeld at wichita.edu
Wed Jan 2 17:14:01 UTC 2008
On Jan 2, 2008, at 10:30 AM, David W. Hankins wrote:
> I'm also thinking of making 'deny' de rigeur in a future version of
> the software, to open up some opportunities for optimization.
>
> We'd still support 'allow' statements, but we'd only do it by
> synthesizing the inverse denies.
>
> So you may just as well always use deny...
>
That seems counterintuitive to me. _Almost_ always when I make a
pool, it's to permit access by one or a small number of classes and
deny everyone else, not to deny access by one or a small number of
classes and permit everyone else. Semantically I'm doing an allow by
a small group, and it makes most sense to me to do so syntactically as
well.
Am I in the minority?
Of course, functionally what I'm doing is:
deny not members of "class1", "class2", "class3";
But I'm not sure I even _want_ to ask for that syntax, lest it be
granted. :-/
--
Keith Neufeld
Lead Network Engineer
Wichita State University
More information about the dhcp-users
mailing list