Framed-IP-Address - Framed-Route filter

[Gabriel Blanchard]

I'm fairly sure this functionality currently doesn't exist so I'll  
ask. I checked the code already for rlm_attribute_filter and it  
definitely doesn't do it.

I'm trying to setup radius so that I can filter proxy responses with  
subnets that don't belong to them, right now the module only appears  
to support direct matches. I can't specify something like "anything  
within this /24 is allowed".

It would probably be easier to simply code a module but that would  
mean repeating configuration regarding realms so it would probably  
make more sense if it would be part of proxy.conf.

I'm thinking a configuration like below would make sense.

filter filter1 {
	subnet "10.10.10.0/24"
	accept
}

filter filter1 {
	subnet "10.10.10.0/24"
	deny
}

filter_list filter_foo {
	filter filter1
	filter filter2
}

realm test.com {
	pool = foo
	filter_list = filter_foo
}