<html><body><div style="font-family: Andale Mono; font-size: 10pt; color: #000000"><div>I want to come up with a method to disallow certain mac addresses from getting an address via DHCP. deny booting seems to be the way. My reading of the man page appears to indicate that deny booting will work in the host { } declaration.</div><div><br></div><div><hr></div><div><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"> <b>The </b><span class="s1">booting</span> <b>keyword</b></p><p class="p2" style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"> <b>allow booting;</b></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"> <span class="s2"><b>deny </b></span>booting;</p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"> <b>ignore booting;</b></p><p class="p2" style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"> The <b>booting </b>flag is used to tell dhcpd whether or not to respond to queries from a particular client. This keyword only has meaning when it appears in a host declaration. By default, booting is <b>allow</b>ed, but if it is disabled for a particular client, then</p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"> that client will not be able to get an address from the DHCP server.</p><hr><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;">So a line like this:</p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;">host bad_client {hardware ethernet 00:03:91:BE:55:38; deny booting;}</p></div><div><br></div><div>should cause the DHCP server to not allow the client to receive an IP address, correct? Has anyone done this and can confirm that it works?</div><div><br></div><div><br></div><div>.................</div><div><br></div><div><br></div><div>btw .. the man page says "This keyword only has meaning when it appears in a host declaration." for the booting keyword as shown above. I happen to know that it works in the global area as well. The following configuration works to deny clients with the matching mac prefix.</div><div><br></div><div><p style="margin: 0px;" data-mce-style="margin: 0px;">if (binary-to-ascii(16,8,":",substring(hardware, 1, 3)) = "0:3:91") {<br> deny booting;<br>}</p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p style="margin: 0px;" data-mce-style="margin: 0px;">Producing log messages like this (log message slightly altered to protect privacy):</p><p style="margin: 0px;" data-mce-style="margin: 0px;"><br></p><p class="p1" style="margin: 0px;" data-mce-style="margin: 0px;">May 2 18:28:00 hostname dhcpd: DHCPDISCOVER from 00:03:91:f0:98:00 via 1.1.1.1: booting disallowed</p></div></div></body></html>