David W. Hankins
David_Hankins at isc.org
Thu Sep 7 17:18:39 UTC 2006
On Thu, Sep 07, 2006 at 05:12:27PM +0100, Simon Hobson wrote:
> First thing, mixing allow and deny won't do what you expect ! I can't
> remember the details, but there's some complicated way they work. An
> allow implies deny anything not allowed, and vice-versa.
This comes up infrequently enough that I can't remember either. Which
is why I updated 'man dhcpd.conf' to remind me:
aren’t. Each entry in a pool’s permit list is introduced with the
allow or deny keyword. If a pool has a permit list, then only those
clients that match specific entries on the permit list will be eligible
to be assigned addresses from the pool. If a pool has a deny list,
then only those clients that do not match any entries on the deny list
will be eligible. If both permit and deny lists exist for a pool,
then only clients that match the permit list and do not match the deny
list will be allowed access.
So, configuring both is "if permitted, and not denied", and the
order of these statements in the config file is unimportant (in
fact, I think the entries are pushed onto a stack, so they're
run in reverse).
ISC Training! October 16-20, 2006, in the San Francisco Bay Area,
covering topics from DNS to DDNS & DHCP. Email training at isc.org.
David W. Hankins "If you don't do it right the first time,
Software Engineer you'll just have to do it again."
Internet Systems Consortium, Inc. -- Jack T. Hankins
More information about the dhcp-users