To add some filter rules in conf file
Ashmath Khan
hashmat.email at gmail.com
Tue Oct 20 18:08:12 UTC 2009
On Tue, Oct 20, 2009 at 11:24 PM, Bruce Hudson <Bruce.Hudson at dal.ca> wrote:
> > Its NOT if it doesn't match any class, ignore the client. Its for some
> > match, ignore the client. Its bit tricky here. This would be possible use
> > variables but it doesn't work. thanks.
>
> You can assign every client membership in exactly one class of your
> set of class according to any combination of conditions. That is step
> one. Step two maps the classes to your pools. If none of your pools has
> a permit for a given class, the members of that class are essentially
> ignored. You can also do this explicitly by including the "ignore booting"
> directive in the class definition.
>
> Thanks Bruce. This is a bit tricky as I mentioned before. Consider this:
I want to drop clients if its option 60 has the string "VIP".
so I have a class:
class "VIP" { match if substring(option 60, 0,3) = "VIP"; }
later I have other classes... etc
then I have the pool:
pool {
.... dummy..
deny members of "VIP";
}
later other pools etc.
Now, suppose, there is incoming packet from client which has option 60 and
string "VIP". It doesn't match the first pool. But there is a chance that it
could match other pools and that pool is assigned, there is no break or exit
here.
If you are having trouble working this out, you may want to build a
> test version of the server. Look at the debugging options in "site.h":
> DEBUG_EXPRESSIONS, DEBUG_CLASS_MATCHING, and DEBUG_FIND_LEASE.
>
ok. thanks. Let me check this. Do you also know where is the log info stored
if I run with -f -q -d option ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20091020/2cb32e7a/attachment.html>
More information about the dhcp-users
mailing list