To add some filter rules in conf file

Simon Hobson dhcp1 at thehobsons.co.uk
Mon Oct 19 07:01:54 UTC 2009


Ashmath Khan wrote:

>So then how do I make sure it picks always from pool 1 when it 
>matches ? Or is there a way I can make it to 'exit' when it finds 
>the first match ?

Simple - you apply allow or deny directives such that any client is 
only eligible to get an address from the pool(s) you want. E.g.:

pool {
   allow members of "a";
   ...
}
pool {
   allow members of "b";
   ...
}
pool {
   deny members of "a";
   deny members of "b";
   ...
}

In this example, members of "a" are allowed only the first pool, 
members of "b" are allowed only the second pool, and anything else is 
allowed only the third pool.

Note that if you use an allow statement, then anything not explicitly 
allowed is implicitly denied - and vice-versa when you use a deny. So 
in the first pool, anything NOT a member of "a" is implicitly denied 
- you don't need to explicitly deny members of "b". In the last pool, 
anything not in classes "a" and "b" is implicitly allowed.

Statements are not executed in order, there is no "match this pool, 
match this pool, and only fall through to this pool if the previous 
ones don't match" capability. Internally, a lot of stuff is stored in 
hashed lists - so it's possible that things may not even be evaluated 
in the order they are written in the config file.

Lastly, you are strongly advised not to try mixing allow and deny in 
one pool. Again, they are *not* executed in order until a match is 
found like some other software packages and the results may be 
non-intuitive. It's best to stick to either allow, or deny, within 
each pool.

-- 
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
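
The three-pool layout from the reply above, filled in as a complete dhcpd.conf fragment. This is an added example, not part of the original post: the class match rules, the vendor string, the MAC prefix and all addresses are constructed for illustration.

```conf
# Added example. Syntax can be checked with: dhcpd -t -cf <this file>
# Class membership here rests on values the client itself sends
# (vendor class, MAC address), so it steers address assignment but
# does not authenticate the client.

class "a" {
  # Constructed rule: vendor-class-identifier starts with "ExamplePhone"
  match if substring (option vendor-class-identifier, 0, 12) = "ExamplePhone";
}

class "b" {
  # Constructed rule: MAC address starts with 00:00:5e:00:53.
  # Offset 0 of "hardware" is the hardware type byte, so the MAC starts at 1.
  match if substring (hardware, 1, 5) = 00:00:5e:00:53;
}

subnet 192.0.2.0 netmask 255.255.255.0 {
  option routers 192.0.2.1;

  # Only members of "a": everything else is implicitly denied.
  pool {
    allow members of "a";
    range 192.0.2.10 192.0.2.49;
  }

  # Only members of "b": everything else is implicitly denied.
  pool {
    allow members of "b";
    range 192.0.2.50 192.0.2.99;
  }

  # Everyone except "a" and "b": deny only, so the rest is implicitly allowed.
  pool {
    deny members of "a";
    deny members of "b";
    range 192.0.2.100 192.0.2.199;
  }
}
```

Each pool uses only allow or only deny, so the result does not depend on the order in which the pools or statements appear in the file.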


