Fwd: To add some filter rules in conf file

Ashmath Khan hashmat.email at gmail.com
Thu Oct 15 14:34:13 UTC 2009


Thanks Glenn. I already posted this to the list.
No, I need mac address range, i.e, how the input is going to be. The user
would provide start and end range.

*Beshir, Simon*, do you have any idea ?

thanks
Ashmath

On Thu, Oct 15, 2009 at 7:35 PM, Glenn Satchell
<Glenn.Satchell at uniq.com.au>wrote:

> >From: Ashmath Khan <hashmat.email at gmail.com>
> >Date: Thu, 15 Oct 2009 19:13:13 +0530
> >Subject: Re: Fwd: To add some filter rules in conf file
> >To: Glenn Satchell <Glenn.Satchell at uniq.com.au>
> >
> >Thank you very much Glenn.
> >For question #5, I don't have known MAC addresses. But I have a range. I
> >already looked into subclasses, I don't think I can use that for range. Is
> >there a way to define range of MAC addresses with start and end ?
>
> No.
>
> The most common way is where the class matches against a substring of
> the mac address, often the first three bytes, eg something like this:
>
> match if substring(hardware, 1, 3) = 00:11:22;
>
> Does that get you closer?
>
> Otherwise, please post to the list what goal you are trying to
> achieve. There may be an entirely different and easier way to achieve
> it. There are a lot of experts here who know how to best use the
> capabilities of dhcpd.conf statements...
>
> regards,
> -glenn
>
>
> >thanks
> >Ashmath
> >
> >On Thu, Oct 15, 2009 at 7:07 PM, Glenn Satchell
> ><Glenn.Satchell at uniq.com.au>wrote:
> >
> >>
> >> >From: Ashmath Khan <hashmat.email at gmail.com>
> >> >Date: Thu, 15 Oct 2009 18:50:52 +0530
> >> >Subject: Fwd: To add some filter rules in conf file
> >> >To: Glenn Satchell <Glenn.Satchell at uniq.com.au>,
> >> tinzauro at ha-solutions.net
> >> >
> >> >Can you please reply ? thanks.
> >> >
> >> >---------- Forwarded message ----------
> >> >From: Ashmath Khan <hashmat.email at gmail.com>
> >> >Date: Thu, Oct 15, 2009 at 4:07 PM
> >> >Subject: Re: To add some filter rules in conf file
> >> >To: Users of ISC DHCP <dhcp-users at lists.isc.org>,
> dhcp1 at thehobsons.co.uk,
> >> >dhcp-users at isc.org, Reissom Beshir <Reissom_Beshir at mitel.com>
> >> >
> >> >
> >> >More questions:
> >> >4.  Can I scan for a particular option which client has sent from the
> >> option
> >> >dhcp-parameter-request-list ?
> >>
> >> Not easily. You could use substring to test each possible position, but
> >> there is no regular expression or wildcard matching.
> >>
> >> >5. How do I filter clients based on their h/w addresses. I tried this,
> but
> >> >it gives error:
> >> >class "rule1" {
> >> >match if substring (hardware, 1, 6) >= 00:19:7D:72:B7:7A and substring
> >> >(hardware, 1, 6) <= FF:FF:FF:FF:FF:FF;
> >> >}
> >>
> >> You can't use > or < for string comparisons. The evaluation engine in
> >> dhcpd is very basic.
> >>
> >> If you have particular known mac addresses then you can add them as a
> >> sub-class. This is explained in dhcpd.conf man page, look for the
> >> section SUBCLASSES. Then you can use allow or deny of that class in the
> >> pool.
> >>
> >> More answers below.
> >>
> >> >subnet 192.168.1.0 netmask 255.255.255.0 {
> >> >
> >> >pool {
> >> >option router-discovery off;
> >> >option domain-name-servers 192.168.1.250;
> >> >range 192.168.1.66;
> >> >allow members of "rule1";
> >> >}
> >> >default-lease-time 86500;
> >> >max-lease-time 86500;
> >> >option routers 192.168.1.254;
> >> >}
> >> >
> >> >Thanks in Advance.
> >> >
> >> >-Ashmath
> >> >
> >> >
> >> >On Thu, Oct 15, 2009 at 3:26 PM, Ashmath Khan <hashmat.email at gmail.com
> >> >wrote:
> >> >
> >> >> Sorry.. I missed that, client didn't request those options. It's
> working
> >> >> now. But I had these further:
> >> >>
> >> >> 1. Is it possible to group the options together so that I refer them
> by
> >> >> some name ? like in the below example instead of giving
> router-discovery
> >> and
> >> >> boot-size, I can just give a group name, which will select those
> >> options.
> >>
> >> No.
> >>
> >> >> 2.  is it possible to have wild chars in the search string ? like if
> I
> >> want
> >> >> to search the string "Phone*client" or "Alcatel?client" etc. I think
> I
> >> can
> >> >> use the existing eval expressions to search the strings, but then I
> need
> >> to
> >> >> parse these wild char strings, understand them, and apply eval
> >> expressions.
> >> >> Is there any direct method which would recognize wild chars ?
> >>
> >> No.
> >>
> >> >> 3. Say I have this rule below: And rule1 passes, rule2 fails, and I
> saw
> >> >> that it doesn't go into third pool i.e, rule2 deny one, which seems
> to
> >> be
> >> >> correct. It means once it finds a pool match, then it won't evaluate
> >> other
> >> >> pools. Is this understanding correct ?
> >> >>
> >> >> class "rule1" {
> >> >> match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
> >> >> }
> >> >>
> >> >> class "rule2" {
> >> >> match if substring (option dhcp-option-overload, 0, 4) = "NSFT";
> >> >> }
> >> >>
> >> >>
> >> >> subnet 192.168.1.0 netmask 255.255.255.0 {
> >> >>
> >> >> pool {
> >> >> option router-discovery off;
> >> >> option domain-name-servers 192.168.1.254;
> >> >> range 192.168.1.66;
> >> >> allow members of "rule1";
> >> >> }
> >> >>
> >> >> pool {
> >> >> option router-discovery off;
> >> >> option domain-name-servers 192.168.1.111;
> >> >> range 192.168.1.100;
> >> >> allow members of "rule2";
> >> >> }
> >> >>
> >> >> pool {
> >> >> option router-discovery on;
> >> >> option domain-name-servers 192.168.1.222;
> >> >> option boot-size 512;
> >> >> range 192.168.1.200;
> >> >> deny members of "rule2";
> >> >> }
> >> >>
> >> >>
> >> >> default-lease-time 86500;
> >> >> max-lease-time 86500;
> >> >> option routers 192.168.1.254;
> >> >>
> >> >> }
> >> >>
> >> >> thanks
> >> >> Ashmath
> >>
> >> A particular client can be a member of multiple classes. My
> >> understanding is the first pool that matches is used.
> >>
> >> Allowing a class denies all other classes, denying a class allows all
> >> others. Mixing allow and deny in the same class can have unexpected
> >> results, so use carefully.
> >>
> >> HTH.
> >>
> >> regards,
> >> -glenn
> >> --
> >> Glenn Satchell   mailto:glenn.satchell at uniq.com.au | Miss 9: What do
> you
> >> Uniq Advances Pty Ltd       http://www.uniq.com.au | do at work Dad?
> >> PO Box 70 Paddington NSW Australia 2021            | Miss 6: He just
> >> tel:0409-458-580     fax:02-9380-6416              | types random stuff.
> >>
> >> >>
> >> >>
> >> >>
> >> >> On Wed, Oct 14, 2009 at 8:50 PM, Simon Hobson <
> dhcp1 at thehobsons.co.uk
> >> >wrote:
> >> >>
> >> >>> Ashmath Khan wrote:
> >> >>>
> >> >>>  I tried this:
> >> >>>> class "rule1" {
> >> >>>> match if substring (option dhcp-client-identifier, 0, 5) =
> >> >>>> 01:00:19:7d:72;
> >> >>>> option time-offset -12345;
> >> >>>> option boot-size 65000;
> >> >>>> }
> >> >>>> subnet 192.168.1.0 netmask 255.255.255.0 {
> >> >>>> pool {
> >> >>>> allow members of "rule1";
> >> >>>> range 192.168.1.66;
> >> >>>> }
> >> >>>> default-lease-time 86400;
> >> >>>> max-lease-time 86400;
> >> >>>> option routers 192.168.1.254;
> >> >>>> option domain-name-servers 192.168.1.254;
> >> >>>> }
> >> >>>>
> >> >>>> => it didn't work completely. I did get dhcp offer message but the
> >> >>>> options: time-offset and boot-size were not sent as part of dhcp
> >> offer. Any
> >> >>>> reasons ? How do I make it work ?
> >> >>>>
> >> >>>
> >> >>> Did the client request those options ?
> >> >>>
> >> >>> If not then the server won't send them. You can force it to (see the
> >> >>> recent thread "how to get slp-directory-agent option working"). But
> if
> >> the
> >> >>> client doesn't request it, there's a good chance it doesn't know
> what
> >> to do
> >> >>> with it and will ignore it.
> >> >>>
> >> >>>
> >> >>> --
> >> >>> Simon Hobson
> >> >>>
> >> >>> Visit http://www.magpiesnestpublishing.co.uk/ for books by
> acclaimed
> >> >>> author Gladys Hobson. Novels - poetry - short stories - ideal as
> >> >>> Christmas stocking fillers. Some available as e-books.
> >> >>> _______________________________________________
> >> >>> dhcp-users mailing list
> >> >>> dhcp-users at lists.isc.org
> >> >>> https://lists.isc.org/mailman/listinfo/dhcp-users
> >> >>>
> >> >>
> >> >>
> >>
> >>
>
>
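
Added example, not part of the original messages: dhcpd has no range operator for hardware addresses, as the replies above state, but a start and end address supplied by a user can be expanded offline into the byte-aligned prefix matches that `substring()` can express. This Python script goes beyond the thread by generating that list; the function names, the `min_bytes` limit and the sample range are assumptions made for illustration.

```python
# Added example (not from the thread): cover a start-end MAC range with the
# byte-aligned prefix matches that dhcpd's substring() comparison can express.

def mac_to_int(mac):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into a 48-bit integer."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int("".join(o.zfill(2) for o in octets), 16)

def range_to_prefixes(start, end, min_bytes=2):
    """Return [(prefix, nbytes)] that together match exactly [start, end].

    min_bytes=2 is this example's choice: it keeps every literal in
    colon-separated hex form, like the 00:11:22 literal in the thread.
    """
    lo, hi = mac_to_int(start), mac_to_int(end)
    if lo > hi:
        raise ValueError("start of range is above end of range")
    prefixes = []
    while lo <= hi:
        k = 0  # number of trailing bytes left as "any value"
        while (k < 6 - min_bytes and lo % 256 ** (k + 1) == 0
               and lo + 256 ** (k + 1) - 1 <= hi):
            k += 1
        raw = (lo >> (8 * k)).to_bytes(6 - k, "big")
        prefixes.append((":".join(f"{b:02x}" for b in raw), 6 - k))
        lo += 256 ** k
    return prefixes

def matches(mac, prefixes):
    """Emulate the generated test: compare the first n address bytes."""
    raw = mac_to_int(mac).to_bytes(6, "big")
    return any(raw[:n] == bytes.fromhex(p.replace(":", "")) for p, n in prefixes)

def render_class(name, prefixes):
    """Emit a dhcpd.conf class; offset 1 skips the hardware-type byte."""
    terms = [f"(substring(hardware, 1, {n}) = {p})" for p, n in prefixes]
    return f'class "{name}" {{\n  match if ' + " or\n    ".join(terms) + ";\n}\n"

if __name__ == "__main__":
    # Constructed sample range inside one vendor prefix.
    covered = range_to_prefixes("00:19:7d:72:b7:7a", "00:19:7d:72:b9:ff")
    print(len(covered), "terms")
    print(render_class("rule1", covered[-2:]))
```

A range that crosses many vendor prefixes expands into a very long `or` expression, so check the term count before pasting the output into dhcpd.conf.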