To add some filter rules in conf file

Ashmath Khan hashmat.email at gmail.com
Fri Nov 6 10:51:11 UTC 2009


I switched to this (using allow and deny). If anybody has any comments,
please let me know. This seems to be working according to my requirements.
Thanks.
---
# Subnet 192.168.1.0/24 with one single-address pool per client class.
# The allow/deny lists emulate first-match ordering: each pool admits exactly
# one class and denies every class declared before it.
# NOTE(review): every class below is matched on options taken from the client's
# own request (vendor-class-identifier, nwip-domain, nisplus-domain). A client
# can set or omit these freely, so pool selection here is provisioning policy,
# not access control.
# NOTE(review): the ~= regex operator presumably needs a dhcpd build with
# regex support - confirm against the deployed version.
subnet 192.168.1.0 netmask 255.255.255.0 {
# Lease times are in seconds; default and maximum are both 86400 (24 hours).
default-lease-time 86400;
max-lease-time 86400;

# rule1: vendor-class-identifier contains "MSFT".
class "rule1" {
match if option vendor-class-identifier ~= ".*MSFT.*";
}
# Pool for rule1 members only; the range is the single address 192.168.1.100.
pool {
option time-offset -12345;
option netbios-name-servers 10.232.1.45;
option time-servers 1.2.3.4,10.232.167.89;
option host-name "something.com";
range 192.168.1.100;
allow members of "rule1";
}

# rule1-A: the request carries no vendor-class-identifier at all.
class "rule1-A" {
match if not exists vendor-class-identifier;
}
# Pool for rule1-A members. The deny of rule1 looks redundant (rule1 needs the
# option present, rule1-A needs it absent) but keeps the cascade uniform.
pool {
option time-offset -12345;
option netbios-name-servers 10.232.1.45;
option time-servers 1.2.3.4,10.232.167.89;
option host-name "something.com";
range 192.168.1.111;
allow members of "rule1-A";
deny members of "rule1";
}

# rule2: nwip-domain matches the regex "str.?".
# NOTE(review): when the client does not send the option, the comparison
# presumably evaluates to null rather than false, and "not" of null stays null,
# so neither this test nor its negation would match - verify against dhcp-eval(5).
class "rule2" {
match if option nwip-domain ~= "str.?";
}
# Pool for rule2 members that are not in rule1 or rule1-A.
# NOTE(review): netbios-node-type 101 is not one of the defined node types
# (1, 2, 4, 8) - confirm the intended value.
pool {
option time-offset -12345;
option policy-filter 3.4.5.6 255.255.255.0;
option time-servers 1.2.3.4,10.232.167.89;
option netbios-node-type 101;
range 192.168.1.125;
allow members of "rule2";
deny members of "rule1-A";
deny members of "rule1";
}

# rule3: nisplus-domain matches ".*", i.e. any value the client sends for it.
class "rule3" {
match if option nisplus-domain ~= ".*";
}
# Pool for rule3 members that matched none of the earlier classes.
pool {
option time-offset -12345;
option policy-filter 3.4.5.6 255.255.255.0;
option time-servers 1.2.3.4,10.232.167.89;
option netbios-node-type 101;
range 192.168.1.201;
allow members of "rule3";
deny members of "rule2";
deny members of "rule1-A";
deny members of "rule1";
}

# rule4: vendor-class-identifier matches ".*", i.e. any value the client sends.
# This also covers the clients of rule1 and rule5, which test the same option.
class "rule4" {
match if option vendor-class-identifier ~= ".*";
}
# Pool for rule4 members that matched none of the earlier classes.
pool {
option time-offset -12345;
option policy-filter 3.4.5.6 255.255.255.0;
option time-servers 1.2.3.4,10.232.167.89;
option netbios-node-type 101;
range 192.168.1.202;
allow members of "rule4";
deny members of "rule3";
deny members of "rule2";
deny members of "rule1-A";
deny members of "rule1";
}

# rule5: vendor-class-identifier matches the regex "UY.*".
class "rule5" {
match if option vendor-class-identifier ~= "UY.*";
}
# NOTE(review): this pool appears unreachable as written. Any client matching
# "UY.*" also matches rule4's ".*", and rule4 is denied here. If rule5 clients
# should get 192.168.1.203, the rule4/rule5 ordering needs revisiting.
pool {
option time-offset -12345;
option policy-filter 3.4.5.6 255.255.255.0;
option time-servers 1.2.3.4,10.232.167.89;
option netbios-node-type 101;
range 192.168.1.203;
allow members of "rule5";
deny members of "rule4";
deny members of "rule3";
deny members of "rule2";
deny members of "rule1-A";
deny members of "rule1";
}

}


---

On Fri, Nov 6, 2009 at 12:52 PM, Ashmath Khan <hashmat.email at gmail.com>wrote:

> The strange part being if I remove not, even then it doesn't work, which
> means:
> (option nwip-domain ~= "str.?") evaluates to false and
> not (option nwip-domain ~= "str.?") also evaluates to false !
> And if I remove this altogether it works. Strange.
>
> Could this be a bug ?
>
> thanks
>
>