Allow/Deny in Pool Declaration - Implicit Deny?

Simon Hobson dhcp1 at thehobsons.co.uk
Wed Dec 20 08:59:25 UTC 2006


Kelvin Williams wrote:

>If I were to allow members of a particular class within a pool, do I
>implicitly deny all others?  If not, how do I deny all others except for
>those I have allowed?  Would a:
>
>allow members of "myclass";
>deny all clients;
>
>service all of the members of "myclass" and no other?

Leave out the deny statement; it's implied if you use an allow.
Similarly, if you use a deny, then there is an implicit allow. I 
cannot recall the details of how mixed allow and deny work, but it's 
not intuitive and it's best not to mix them.

Bear in mind that you need to deny members of "myclass" from other 
pools as well, e.g.:

...
   pool {
     allow members of "myclass1" ;
     ...
   }
   pool {
     allow members of "myclass2" ;
     ...
   }
   pool {
     deny members of "myclass1" ;
     deny members of "myclass2" ;
     ...
   }

Without the deny statements in the third pool, members of each class 
will be able to get addresses from both their own pool, and the third 
pool.
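
As an added example (not part of the original post and not ISC's code), here is a small Python model of the pool allow/deny behaviour described above, used to check which pools a class member can draw addresses from. The dictionary layout, pool names and function names are assumptions made for illustration; the handling of a pool with both lists follows the rule given in the dhcpd.conf manual page (match the allow list and not the deny list).

```python
# Added illustration: models per-pool allow/deny lists as described in the post.
# Pool names and the data layout are constructed for this example.

def eligible(pool, client_classes):
    """Return True if a client that is a member of client_classes may use pool."""
    allow, deny = pool.get("allow", []), pool.get("deny", [])
    # An allow list implies "deny everyone else".
    if allow and not any(c in client_classes for c in allow):
        return False
    # A deny list implies "allow everyone else".
    if any(c in client_classes for c in deny):
        return False
    return True

def pools_for(pools, client_classes):
    """Names of every pool the client is eligible for, in declaration order."""
    return [name for name, pool in pools.items() if eligible(pool, client_classes)]

def leaks(pools, classes):
    """Classes whose members can get addresses from more than one pool."""
    found = {c: pools_for(pools, {c}) for c in classes}
    return {c: names for c, names in found.items() if len(names) > 1}

# The three-pool layout from the post.
WITH_DENY = {
    "pool1": {"allow": ["myclass1"]},
    "pool2": {"allow": ["myclass2"]},
    "pool3": {"deny": ["myclass1", "myclass2"]},
}
# The same layout with the deny statements left out of the third pool.
WITHOUT_DENY = {
    "pool1": {"allow": ["myclass1"]},
    "pool2": {"allow": ["myclass2"]},
    "pool3": {},
}
CLASSES = ["myclass1", "myclass2"]

if __name__ == "__main__":
    for label, cfg in (("with deny", WITH_DENY), ("without deny", WITHOUT_DENY)):
        print(label, "->", leaks(cfg, CLASSES) or "no class spans more than one pool")
        print("  client in no class:", pools_for(cfg, set()))
```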


