[Kea-users] deny booting or ignore booting

Francis Dupont fdupont at isc.org
Fri Mar 22 12:03:51 UTC 2019


Munroe Sollog writes:
> Perhaps random wasn't a good choice of words.  Given a MAC address we need
> a way of ensuring it does not DHCP.  I'm open to alternatives to the
> ignore/deny booting function.  Some sort of client classification?

=> the simplest (and most efficient as a rogue client can for instance
flood the server with junk queries) is to use a firewall feature to
drop messages on the floor. At the Kea server level the standard way
is to create a client class which matches all other clients and
to guard subnets or pools with this class so not resource will be
available to it. You can also write a hook to filter out messages
but it requires to write some code (vs a config update).

Regards

Francis Dupont <fdupont at isc.org>

PS: I cited the hook because it is the standard way to plug an
authentication/authorization service to Kea.



More information about the Kea-users mailing list