Configure dhclient to check value of DHCP options

Jon Smaller jesterx at gmail.com
Wed Jul 22 03:56:55 UTC 2009


Hi Abd,
Thanks a lot for this patch, it looks like just what i am after ... i will
give it a go! Just as a tiny aside, Is this going against the RFC in anyway?

On Tue, Jul 21, 2009 at 11:22 PM, Abd4llA <abd4lla at ahmedabdalla.net> wrote:

> Hi,
> I was facing the same situation in my company last week, so I had to create
> the attached patch for dhcp-4.1.0p1.
> The patch allows you to specify in the dhclient.conf to require a specific
> option be sent with a specific value.
> The require statement is as follows:
>
> require [<option_name> , ] [option <option_name> <value> , ] .... ;
> so for example:
> require option vendor-encapsulated-options "ISC";
> or
> require time-offset, option vendor-encapsulated-options "ISC";
>
> I'm gonna post this patch to the dhcp-hackers mailing list.
>
>
> On Tue, Jul 21, 2009 at 10:22 AM, Sten Carlsen <stenc at s-carlsen.dk> wrote:
>
>> How about using a number of uncommon options? It would be strange that
>> "some" other server could give out a number of unusual  options.
>>
>> You could even define your very own  option that nobody else would know
>> about.
>>
>> I can't tell you how but somebody else will be able to.
>>
>>
>> Jon Smaller wrote:
>> > Hi Alan,
>> >
>> > That approach would work but would involve having firewall rules on
>> > each of the boxes ... And for different installations of our
>> > monitoring solution, the main DHCP server would have different ip
>> > addresses, thus increasing the configuration complexity of the
>> > individual boxes (I intend to have a large number of these monitoring
>> > boxes in the field).
>> >
>> > Also were the IP/NIC of the main server to change, then we would have
>> > to manually reconfigure the firewall rules on each of these boxes,
>> > which could number in the hundreds.
>> >
>> > Jon
>> >
>> >
>> >
>> > On 20/07/2009, at 6:58 PM, A.L.M.Buxey at lboro.ac.uk wrote:
>> >
>> >> Hi,
>> >>
>> >> you know your servers - their IP and MAC addresses - so just stick
>> >> a host-based firewall (eg iptables for linux) onto your box
>> >> and configure it to only allow DHCP to pass through from your
>> >> boxes?
>> >>
>> >> alan
>> >> _______________________________________________
>> >> dhcp-users mailing list
>> >> dhcp-users at lists.isc.org
>> >> https://lists.isc.org/mailman/listinfo/dhcp-users
>> > _______________________________________________
>> > dhcp-users mailing list
>> > dhcp-users at lists.isc.org
>> > https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>> --
>> Best regards
>>
>> Sten Carlsen
>>
>> No improvements come from shouting:
>>
>>       "MALE BOVINE MANURE!!!"
>>
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
>
> --
> Ahmed Abdalla
> Software Engineer
> Sun Team.
>
> Thebe Technology. Egypt - Belgium
> 16 Nehro St. Heliopolis. Cairo
> Egypt.
>
> http://www.sun.com/software/q-layer/
> http://www.thebetechnology.com
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20090722/63c72941/attachment.html>


More information about the dhcp-users mailing list