I just discovered that I got wrong what "dhcp-ignore" does... I'll try 
to explain what I want and what I did and see if someone can explain me 
what I got wrong or, better yet, a way to do what I want :-)

I'm using 2.45 (but can upgrade to 2.46 if needed).

I'm using dnsmasq in a firewall with three "internal" legs (2 different 
wifi networks and a local wired net).

In the local wired net I'm using one class "C" network, but I have 2 
different ranges (with different treatment in my firewall). I want to 
give IP addresses in one range only to MACs I know, and in the other 
range to others, so I wrote part of my configuration as in the file 
attached... in particular:



At first everything went the way I wanted... my three known PCs got 
their addresses from the first range (, and and all the rest got address from the second range...

But when we hook up a new computer and I didn't notice that my second 
range was too little, instead of rejecting the DHCPREQUEST for not 
having enough IPs, it gave it an IP from the first range (

I thought that the line:


would prevent this, but clearly I'm understanding it wrong... or I hit a 

How should I configure my dnsmasq to prevent unknown MACs from getting 
an IP in the "tagIKnowYou" range?


