nguyenvinht wrote:
Thanks for replying. I want to implement this through RADIUS Server. Looking for some code modification or new attributes to accomplish the task.
Vinh.
tnt wrote:
Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clents.conf. Use firewall to block access to radius ports for those specific IP addresses.
Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clents.conf. Enter naughty hosts in naughty huntgroup. Check for naughty huntgroup and reject. Huntgroups naughty Packet-Src-IP-Address == naughtyhostone.com naughty Packet-Src-IP-Address == 139.184.12.1 naughty Packet-Src-IP-Address == 127.0.0.1 Users DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject Apparently RFC states that server must respond ... so unless you use a firewall, naughty hosts will know the servers alive , and be able to flood it with lots of requests. Only way to get FreeRADIUS to be quiet is to modify the source. -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900