<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFCC" text="#000000">
<br>
<div class="moz-cite-prefix">On 14/02/14 20.51, Doug Barton wrote:<br>
</div>
<blockquote cite="mid:52FE73DC.1050302@dougbarton.us" type="cite">On
02/14/2014 07:25 AM, Simon Hobson wrote:
<br>
<blockquote type="cite">Sten Carlsen <a class="moz-txt-link-rfc2396E" href="mailto:stenc@s-carlsen.dk"><stenc@s-carlsen.dk></a>
wrote:
<br>
<br>
<blockquote type="cite">They are, to my knowledge and
experience, independent.
<br>
<br>
I.e. you make the allow/deny setup for each, both as
described.
<br>
</blockquote>
<br>
I think the question was more ...
<br>
If the class allow/deny statements mean that a client should be
denied and the host (known host) allow/deny statements mean that
it should be allowed (or vice versa), which one takes effect ?
One says allow, the other says deny, one has to lose.
<br>
</blockquote>
<br>
I think y'all are making this too complicated. :) In the case of
wanting to allow only a certain thing (whether class or known
hosts) it's simple. Anything not allowed is denied. There is no
reason to mix allow and deny statements there.
<br>
<br>
If you want to deny some things, but allow everything else, put
the deny statements in. Everything else will be allowed.
<br>
</blockquote>
Well, do remember that hosts and classes are independent and both
must be considered.<br>
<br>
So the question was really:<br>
<br>
Given:<br>
host H1 {hardware 1:xxxxx}<br>
<br>
class C1 { match hardware; }<br>
<br>
subclass C1{ hardware 1:xxxxx;}<br>
<br>
<br>
range { 1.2.3.4 1.2.3.8<br>
allow C1;<br>
Deny known-hosts;<br>
}<br>
<br>
<br>
Forget the syntax mistakes, but a host that matches both H1 and C1
will be allowed/denied?<br>
<br>
With different more complicated matching criteria for the class,
this could easily happen by mistake - so what will the result be?<br>
<br>
<blockquote cite="mid:52FE73DC.1050302@dougbarton.us" type="cite">
<br>
Or put more simply, if you are mixing allow and deny statements in
the same stanza you are almost certainly doing it wrong.
<br>
<br>
hope this helps,
<br>
<br>
Doug
<br>
<br>
_______________________________________________
<br>
dhcp-users mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:dhcp-users@lists.isc.org">dhcp-users@lists.isc.org</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/dhcp-users">https://lists.isc.org/mailman/listinfo/dhcp-users</a>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
</pre>
</body>
</html>