To add some filter rules in conf file

Ashmath Khan at
Mon Oct 19 08:48:11 UTC 2009

That's correct, I have the same understanding. But the issue is this:
I have a series of rules to be run in order, if a rule is met, then stop. It
would be something like this:
rule1: match a string in vendor option, select a pool etc
rule2: match a different string in vendor option
rule3: if vendor option doesn't exist select a pool etc
rule4: see if client falls in the h/w address range, select a pool etc.
rule5: see if client has requested for so and so option
So, I can't put all denies in one pool, like you did below.

If dhcpd doesn't currently support this, I need to do code changes to move
further. Can you or somebody suggest me, if you have already worked on
making changes ? or is there any other separate list which has dhcpd
developers(may not be the actual owners) ? or is there any other GPL based
dhcpd for Linux ?


On Mon, Oct 19, 2009 at 12:31 PM, Simon Hobson <dhcp1 at>wrote:

> Ashmath Khan wrote:
>  So then how do I make sure it picks always from pool 1 when it matches ?
>> Or is there a way I can make it to 'exit' when it finds the first match ?
> Simple - you apply allow or deny directives such that any client is only
> eligible to get an address from the pool(s) you want. Eg :
> pool {
>  allow members of "a";
>  ...
> }
> pool {
>  allow members of "b";
>  ...
> }
> pool {
>  deny members of "a";
>  deny members of "b";
>  ...
> }
> In this example, members of "a" are allowed only the first pool, members of
> "b" are allowed only the second pool, and anything else is allowed only the
> third pool.
> Note that if you use an allow statement, then anything not explicitly
> allowed is implicitly denied - and vice-versa when you use a deny. So in the
> first pool, anything NOT a member of "a" is implicitly denied - you don't
> need to explicitly deny members of "b". In the last pool, anything not in
> classes "a" and "b" is implicitly allowed.
> Statements are not executed in order, there is no "match this pool, match
> this pool, and only fall through to this pool if the previous ones don't
> match" capability. Internally, a lot of stuff is stored in hashed lists - so
> it's possible that things may not even be evaluated in the order they are
> written in the config file.
> Lastly, you are strongly advised not to try mixing allow and deny in one
> pool. Again, they are *not* executed in order until a match is found like
> some other software packages and the results may be non-intuitive. It's best
> to stick to either allow, or deny, within each pool.
> --
> Simon Hobson
> Visit for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list