[Kea-users] deny booting or ignore booting
Francis Dupont
fdupont at isc.org
Fri Mar 22 12:03:51 UTC 2019
Munroe Sollog writes:
> Perhaps random wasn't a good choice of words. Given a MAC address we need
> a way of ensuring it does not DHCP. I'm open to alternatives to the
> ignore/deny booting function. Some sort of client classification?
=> the simplest (and most efficient as a rogue client can for instance
flood the server with junk queries) is to use a firewall feature to
drop messages on the floor. At the Kea server level the standard way
is to create a client class which matches all other clients and
to guard subnets or pools with this class so not resource will be
available to it. You can also write a hook to filter out messages
but it requires to write some code (vs a config update).
Regards
Francis Dupont <fdupont at isc.org>
PS: I cited the hook because it is the standard way to plug an
authentication/authorization service to Kea.
More information about the Kea-users
mailing list