We are running DHCPD 4.1.1-P1 on a RHEL 6 server. Currently we have 1 class defined for deny purposes. We now have a need for a class match to allow all devices that match a variable and deny everything else. Our current class config is as follows and we are matching on MAC address:
## Define denied
class "denied" {
match if substring (hardware,1,3) = 00:54:36;
}
And in the pool declaration we deny the class:
pool {
deny members of "denied";
range 192.168.100.100 192.168.100.200;
}
Our new class config will be as follows:
## Define denied
class "denied" {
match if substring (hardware,1,3) = 00:54:36;
}
class "allowed" {
match if substring (hardware,1,3) = 00:42:12;
}
With the pool declaration of:
pool {
allow members of "allowed";
deny members of "denied";
range 192.168.100.100 192.168.100.200;
}
My first question is, would we need the deny class once we bring in the allow class? My understanding is that the allow implicitly denies everything else. Also, how could we class match our allow class by hostname instead of MAC address? In my research I have been unable to figure out what the statements would actually look like from the examples I have seen. In /var/lib/dhcp/dhcpd.leases we have 2 lines of possible interest for each lease written.
hardware ethernet xx:xx:xx:xx:xx:xx;
client-hostname "hostname";
I'm guessing here that if we wanted to class match on hostname, it would look something like this:
class "allowed" {
match if substring (client-hostname) = "hostname";
}
And the pool declaration would look like this:
pool {
allow members of "allowed";
deny members of "denied";
range 192.168.100.100 192.168.100.200;
}
So, summarizing my 2 questions again.
1) Does an "allow member" statement in the pool declaration implicitly deny everything else, and would I no longer need my deny statement?
2) What is the proper class match syntax to match on hostname?
Best Answer
For the first question:
Does an "allow member" statement implicitly deny everything else?
Well, the question is answered in the manpage of dhcpd.conf:
For the second question, matching on hostname:
Do you mean the hostname of the request or the hostname configured on your DHCP server?
To react on the hostname sent, it should simply be
or for a partial:
Matching on the config-option doesn't seem to work.
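
As an added example (not part of the original question or answer): a dhcpd.conf fragment that matches a class on the host-name option sent by the client, which is the value dhcpd records as client-hostname in the leases file, and uses it in a pool that carries both a permit list and a deny list. The class names "allowed-host" and "allowed-prefix", the hostname values, and the enclosing subnet declaration are assumptions made for illustration.

```conf
# Added example, not from the original post.
# "kiosk-01" and "lab-" are constructed sample values.

# Exact match on the host-name option (DHCP option 12) in the client's request.
class "allowed-host" {
    match if option host-name = "kiosk-01";
}

# Partial match: substring (data, offset, length), offset counted from 0.
# Matches any client whose hostname starts with "lab-".
class "allowed-prefix" {
    match if substring (option host-name, 0, 4) = "lab-";
}

# MAC-prefix class from the question. Byte 0 of "hardware" is the
# hardware type, so the OUI is the 3 bytes starting at offset 1.
class "denied" {
    match if substring (hardware, 1, 3) = 00:54:36;
}

# Assumed subnet wrapper; a pool must sit inside a subnet or shared-network.
subnet 192.168.100.0 netmask 255.255.255.0 {
    pool {
        # Any "allow" line gives the pool a permit list: only clients that
        # match one of its entries are eligible for this range.
        allow members of "allowed-host";
        allow members of "allowed-prefix";

        # With a permit list present, this line only matters for a client
        # that matches an allowed class AND the denied class; such a client
        # is refused. Clients matching no allowed class are already excluded.
        deny members of "denied";

        range 192.168.100.100 192.168.100.200;
    }
}
```

A client that sends no host-name option matches neither hostname class and gets no address from this pool. Both the MAC address and the host-name option are values the client chooses, so these classes steer address assignment rather than authenticate devices.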