Munroe Sollog writes: > Perhaps random wasn't a good choice of words. Given a MAC address we need > a way of ensuring it does not DHCP. I'm open to alternatives to the > ignore/deny booting function. Some sort of client classification?
=> the simplest (and most efficient as a rogue client can for instance flood the server with junk queries) is to use a firewall feature to drop messages on the floor. At the Kea server level the standard way is to create a client class which matches all other clients and to guard subnets or pools with this class so not resource will be available to it. You can also write a hook to filter out messages but it requires to write some code (vs a config update). Regards Francis Dupont <[email protected]> PS: I cited the hook because it is the standard way to plug an authentication/authorization service to Kea. _______________________________________________ Kea-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/kea-users
