Hi,

Currently playing around with the new(?) MAC address filter in dns_filter.conf, trying to use it as a way to block nodes from getting access to the captive portal when using dns_enforcement, since the reject role does not seem to work at all.

My plan was to add them like this and change the IP address of the portal to something where I could just show a page like "your device has been blocked". Let's say that the correct IP for portal.test is 192.168.0.1.

    [mac_blocklist]
    filter = mac
    operator = regex
    value = ^(aa:bb:cc:00:11:22|00:11:22:aa:bb:cc)

    [portal_test]
    filter = qname
    operator = regex
    value = portal.test

    [dnsenforcement_mac_blocklist:mac_blocklist&portal_test]
    scope = dnsenforcement
    answer = $qname 1 IN A 10.0.0.1
    rcode = NOERROR

And this works fine: a client with a MAC in the mac_blocklist will get 10.0.0.1 returned, BUT the next client asking for portal.test will also get 10.0.0.1 instead of 192.168.0.1. It seems like the PF nameserver is caching the data, since I can just wait a minute or two and then a client not in the list will resolve portal.test to 192.168.0.1.

Strangely enough, it does not cache it the other way around: if a client not in the list asks for portal.test and it resolves to 192.168.0.1, a client that is in the mac_blocklist will still resolve portal.test to 10.0.0.1 instantly.

I hope the above is clear enough :). If I'm correct and this is some kind of cache in the PF nameserver, is there any way to disable it?

/anders
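The sequence described in the post, replayed against a toy resolver (an added example, not PacketFence code and not from the poster): it shows how a per-client filter answer stored in a cache keyed only by query name produces exactly this one-way leak, and how keeping filtered answers out of the shared cache removes it. Assumptions: the `ToyResolver` class, the 60-second cache lifetime and the second MAC address are constructed for illustration; how the PacketFence DNS service actually caches is not stated on the page.

```python
import re

# Values taken from the post's dns_filter.conf rules.
MAC_BLOCKLIST = re.compile(r"^(aa:bb:cc:00:11:22|00:11:22:aa:bb:cc)")
PORTAL_QNAME = re.compile(r"portal.test")
BLOCK_IP, PORTAL_IP = "10.0.0.1", "192.168.0.1"


class ToyResolver:
    """Hypothetical resolver: filter rules run first, then a TTL cache, then upstream."""

    def __init__(self, per_client_safe, ttl=60):
        self.per_client_safe = per_client_safe  # True: filtered answers bypass the cache
        self.ttl = ttl                          # assumed cache lifetime in seconds
        self.cache = {}                         # qname -> (answer, expiry), shared by all clients

    def resolve(self, mac, qname, now):
        # Rule mac_blocklist&portal_test: both conditions must match.
        if MAC_BLOCKLIST.search(mac.lower()) and PORTAL_QNAME.search(qname):
            if not self.per_client_safe:
                # Leak: a per-client answer is stored under a name-only key.
                self.cache[qname] = (BLOCK_IP, now + self.ttl)
            return BLOCK_IP
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0]
        self.cache[qname] = (PORTAL_IP, now + self.ttl)  # stand-in for the real lookup
        return PORTAL_IP


def replay(per_client_safe):
    """Replay the sequence from the post and return the answers in order."""
    r = ToyResolver(per_client_safe)
    blocked, normal = "aa:bb:cc:00:11:22", "de:ad:be:ef:00:01"  # second MAC is constructed
    return [
        r.resolve(blocked, "portal.test", now=0),    # blocked client asks first
        r.resolve(normal, "portal.test", now=5),     # next client, shortly after
        r.resolve(normal, "portal.test", now=120),   # same client after the cache expires
        r.resolve(blocked, "portal.test", now=125),  # blocked client after a normal answer
    ]


if __name__ == "__main__":
    print("shared cache :", replay(per_client_safe=False))
    print("filter bypass:", replay(per_client_safe=True))
```

The two runs differ only in the second answer: with the name-only cache the unblocked client receives 10.0.0.1 until the entry expires, while the blocked client is never affected because the filter is evaluated before the cache.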