To add some filter rules in conf file

Ashmath Khan hashmat.email at gmail.com
Tue Oct 20 12:11:37 UTC 2009


>
>
> rule 1: If it's red, use the red pool, else
> rule 2: If it's fat, use the fat pool, else
> rule 3: If it's tall, use the tall pool, else
> rule 4: Use the cold pool
>
> You'd express this in terms of :
> If it's Red, then set kind:=red
> Elseif it's fat, then set kind:=fat
> Elseif it's tall, then set kind:=tall
> Else, set kind:=cold
>
> Then you'd have classes like this :
> Class "red" { match if kind="red" ; ...}
> Class "fat" { match if kind="fat" ; ...}
> Class "tall" { match if kind="tall" ; ...}
> Class "cold" { match if kind="cold" ; ...}
>
> You now have four classes that are mutually exclusive and so you just have
> to "allow member of ..." a single class in each pool.
>
> It's not something I've ever tried. I'd hope that the expression and
> conditionals would be evaluated before evaluating the class memberships - if
> not then it can't ever hope to work.
>
This seems to be a good idea. I tried and it didn't work. I tried many
possibilities with having quotes, removing quotes etc. The dhcpd didn't
respond with a DHCP offer, which means it didn't hit any class. Here is the
last version I tried:
subnet 192.168.1.0 netmask 255.255.255.0 {

    default-lease-time 86500;
    max-lease-time 86500;
    option routers 192.168.1.254;

    set kind = 0;

    if substring (option vendor-class-identifier, 0, 4) = "MSFT" {
        set kind = 1;
    } elsif substring (option dhcp-option-overload, 0, 4) = "MSFT" {
        set kind = 2;
    } elsif not exists dhcp-option-overload {
        set kind = 21;
    }


    class "Crule1" {
        match if kind = "1";
    }

    pool {
        option router-discovery off;
        option domain-name-servers 192.168.1.254, 192.168.1.202;
        range 192.168.1.87;
        allow members of "Crule1";
    }

    class "Crule2" {
        match if kind = "2";
    }

    pool {
        option router-discovery off;
        option domain-name-servers 192.168.1.111;
        range 192.168.1.117;
        allow members of "Crule2";
    }

    class "Crule2A" {
        match if kind = "0";
    }

    pool {
        option router-discovery on;
        option domain-name-servers 192.168.1.222;
        option boot-size 512;
        range 192.168.1.237;
        allow members of "Crule2A";
    }


}



>  Finally - what are you actually trying to achieve ?
>>>
>> My objective is to classify clients! To allow some clients certain pools,
> to block some clients etc. The application could be a router running dhcp
> server for some organisation.
>
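
The mutually exclusive classes proposed in the quoted text, with each rule tested inside the class's match expression instead of through a `kind` variable (an added example, not part of the original message). It assumes dhcpd classifies a packet before it runs subnet-scope statements, which is the concern raised in the quoted text; the `user-class` test is a constructed stand-in for a second rule, and the addresses are reused from the post.

```conf
# Added example, not the configuration from the post.
# Assumption: class matching happens before subnet-scope "set" statements
# run, so every rule is evaluated directly in the class that needs it.
# pick-first-value substitutes "none" when option 60 is absent, so the
# comparison is false rather than null and the "not" below still matches.

class "Crule1" {    # rule 1: vendor class starts with "MSFT"
    match if substring (pick-first-value (option vendor-class-identifier, "none"), 0, 4) = "MSFT";
}

class "Crule2" {    # rule 2 (constructed): sends user-class, and rule 1 did not match
    match if not (substring (pick-first-value (option vendor-class-identifier, "none"), 0, 4) = "MSFT")
         and exists user-class;
}

class "Crule2A" {   # fallback: neither rule 1 nor rule 2 matched
    match if not (substring (pick-first-value (option vendor-class-identifier, "none"), 0, 4) = "MSFT")
         and not exists user-class;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    default-lease-time 86500;
    max-lease-time 86500;
    option routers 192.168.1.254;

    pool {
        option domain-name-servers 192.168.1.254, 192.168.1.202;
        range 192.168.1.87;
        allow members of "Crule1";
    }

    pool {
        option domain-name-servers 192.168.1.111;
        range 192.168.1.117;
        allow members of "Crule2";
    }

    pool {
        option domain-name-servers 192.168.1.222;
        range 192.168.1.237;
        allow members of "Crule2A";
    }
}
```

Because each class negates the rules ranked above it, a client can belong to only one class, so each pool needs a single `allow members of` line. The file can be syntax-checked with `dhcpd -t -cf <file>` before the server is restarted.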

More information about the dhcp-users mailing list