12

Is it possible in dhcpd.conf to ignore requests from a set of MAC addresses?

Something like this:

host vminstances {
    hardware ethernet d0:0d:*;
    ignore booting;
}
James
  • 7,553
  • 2
  • 24
  • 33
Roberto Aloi
  • 565
  • 2
  • 5
  • 14

2 Answers2

13

You can use something like:

class "ignored" {
        match if substring(hardware,1,4) = 00:02;
}


pool {
        deny members of "ignored";
        range 192.168.172.100 192.168.172.149;
        }
Roy
  • 4,256
  • 4
  • 35
  • 50
  • Do you need the 'range' set in the pool? I would have thought this was irrelevant. – parsley72 May 09 '12 at 23:49
  • The range directive is just one way of defining a pool. – Roy May 27 '12 at 20:57
  • I'm sure it's possible, but if you're trying to ignore based on MAC address then why specify a range? Is it necessary? – parsley72 Jul 31 '12 at 01:22
  • The range relates to the pool of adresses to be assigned by the dhcp server, it does not relate to the filtering. Any client not matching the mac adresses defined in the class "ignored" will get adresses from this range. – Roy Sep 08 '12 at 22:53
7

From this thread on the mailing list, another option to block specific hosts is:

class "black-hole" {
    match substring (hardware, 1, 6);
    # deny booting;
    ignore booting;
}
subclass "black-hole" <MAC-ADDRESS-TO_IGNORE>;

The thread also says that the difference between ignore and deny is that the later logs the request whereas the former does not.

Dusty Campbell
  • 171
  • 1
  • 3