[Dnsmasq-discuss] Question about dnsmasq dhcp-ignore
mariodebian
mariodebian at gmail.com
Fri Feb 4 18:26:48 GMT 2011
El vie, 04-02-2011 a las 09:41 -0600, richardvoigt at gmail.com escribió:
> On Fri, Feb 4, 2011 at 6:15 AM, mariodebian <mariodebian at gmail.com> wrote:
> > Hi.
> >
> > This is my first message in this list, sorry if anyone made this
> > question before.
> >
> > I have a simple /24 network with dnsmasq as DHCP server and DNS cache.
> >
> > dhcp-range=192.168.1.55,192.168.1.199,2h
> > dhcp-option=option:router,192.168.1.1
> > dhcp-option=option:dns-server,192.168.1.1
> >
> > The dynamic range is reserved for notebooks and other computers
> > connected by wired or wireless...
> >
> > I want to block all mobile devices (iPhone, HTC, Blackberry...) first
> > ignoring DHCP and second adding a DROP line to iptables with all ignored
> > MAC.
> >
> > To ignore a MAC vendor range I use this:
> >
> > dhcp-ignore=tobeignored
> > dhcp-mac=tobeignored,00:21:e9:*:*:*
> >
> > This works ok, but I want to have a white list, I had tried something
> > like this:
> >
> > dhcp-ignore=!whitelist,tobeignored
> > dhcp-mac=tobeignored,00:21:e9:*:*:*
> > dhcp-mac=whitelist,00:21:e9:aa:aa:aa
> >
> > But, with this config, dnsmasq stop ignoring DHCP requests.
> >
> > How can I add 2 or more networks flags to dhcp-ignore?
> > How can I negate the network flag in dhcp-ignore?
> >
> > I can't use "know "flag because I don't have all allowed MAC.
> >
> > dnsmasq version: 2.45-1+lenny1
>
> Upgrade your dnsmasq. Then you can have system like "bulkignore"
> (based on vendor), "whitelist", and use the new "set-if" command to
> combine them into a single "tobeignored" tag.
Thanks Richard, upgrading to 2.55 fix the problem, my config for future
questions:
dhcp-vendorclass=set:tobeignored,BlackBerry
dhcp-ignore=net:!whitelist,net:tobeignored
dhcp-host=38:e7:d8:aa:aa:aa,net:whitelist # allow my nexusone mobile
dhcp-host=38:e7:d8:*:*:*,net:tobeignored # deny other nexusone
I can't ignore based on Vendor Class on some devices
(HTC Nexus One have a dhcpd vendor not HTC)
Greetings
--
http://mariodebian.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20110204/7728722f/attachment.pgp
More information about the Dnsmasq-discuss
mailing list