attr_filter rule evaluation

Gerald Vogt vogt at spamcop.net
Wed Apr 22 13:19:48 CEST 2015


Hi!

>From the documentation I find it a little bit confusing how filter rules
work exactly.

The manual page rlm_attr_filter says:

"The rules for each entry are parsed to top to bottom, and an attribute
must pass *all* the rules which affect it in order to make it past the
filter."

The post-proxy file contains this:

DEFAULT
        Service-Type == Framed-User,
        Service-Type == Login-User,
        Login-Service == Telnet,
        Login-Service == Rlogin,
        Login-Service == TCP-Clear,
        Login-TCP-Port <= 65536,
...

But if it has to pass all the rules doesn't that mean that Service-Type
and Login-Service are basically always filtered out because, for
instance, for a single valued Service-Type attribute either the first or
second rule will always fail. And as there is always one rule failing it
will never make it past the filter.

Thanks,

Gerald


More information about the Freeradius-Users mailing list