Configure dhclient to check value of DHCP options

Abd4llA abd4lla at ahmedabdalla.net
Tue Jul 21 13:22:57 UTC 2009


Hi,
I was facing the same situation in my company last week, so I had to create
the attached patch for dhcp-4.1.0p1.
The patch allows you to specify in the dhclient.conf to require a specific
option be sent with a specific value.
The require statement is as follows:

require [<option_name> , ] [option <option_name> <value> , ] .... ;
so for example:
require option vendor-encapsulated-options "ISC";
or
require time-offset, option vendor-encapsulated-options "ISC";

I'm gonna post this patch to the dhcp-hackers mailing list.

On Tue, Jul 21, 2009 at 10:22 AM, Sten Carlsen <stenc at s-carlsen.dk> wrote:

> How about using a number of uncommon options? It would be strange that
> "some" other server could give out a number of unusual  options.
>
> You could even define your very own  option that nobody else would know
> about.
>
> I can't tell you how but somebody else will be able to.
>
>
> Jon Smaller wrote:
> > Hi Alan,
> >
> > That approach would work but would involve having firewall rules on
> > each of the boxes ... And for different installations of our
> > monitoring solution, the main DHCP server would have different ip
> > addresses, thus increasing the configuration complexity of the
> > individual boxes (I intend to have a large number of these monitoring
> > boxes in the field).
> >
> > Also were the IP/NIC of the main server to change, then we would have
> > to manually reconfigure the firewall rules on each of these boxes,
> > which could number in the hundreds.
> >
> > Jon
> >
> >
> >
> > On 20/07/2009, at 6:58 PM, A.L.M.Buxey at lboro.ac.uk wrote:
> >
> >> Hi,
> >>
> >> you know your servers - their IP and MAC addresses - so just stick
> >> a host-based firewall (eg iptables for linux) onto your box
> >> and configure it to only allow DHCP to pass through from your
> >> boxes?
> >>
> >> alan
> >> _______________________________________________
> >> dhcp-users mailing list
> >> dhcp-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/dhcp-users
> > _______________________________________________
> > dhcp-users mailing list
> > dhcp-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/dhcp-users
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
>       "MALE BOVINE MANURE!!!"
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>



-- 
Ahmed Abdalla
Software Engineer
Sun Team.

Thebe Technology. Egypt - Belgium
16 Nehro St. Heliopolis. Cairo
Egypt.

http://www.sun.com/software/q-layer/
http://www.thebetechnology.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20090721/bbbb661b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dhcp-4.1.0p1-BO-210709.patch
Type: text/x-patch
Size: 12435 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20090721/bbbb661b/attachment.bin>


More information about the dhcp-users mailing list