attr_filter rule evaluation
Alan DeKok
aland at deployingradius.com
Wed Apr 22 13:53:26 CEST 2015
On Apr 22, 2015, at 7:19 AM, Gerald Vogt <vogt at spamcop.net> wrote:
> From the documentation I find it a little bit confusing how filter rules
> work exactly.
It's pretty simple. Unfortunately simple, in fact.
> The post-proxy file contains this:
>
> DEFAULT
> Service-Type == Framed-User,
> Service-Type == Login-User,
> Login-Service == Telnet,
> Login-Service == Rlogin,
> Login-Service == TCP-Clear,
> Login-TCP-Port <= 65536,
> ...
>
> But if it has to pass all the rules doesn't that mean that Service-Type
> and Login-Service are basically always filtered out because, for
> instance, for a single valued Service-Type attribute either the first or
> second rule will always fail. And as there is always one rule failing it
> will never make it past the filter.
Yes.
If you want more complex filtering, use unlang.
Alan DeKok.
More information about the Freeradius-Users
mailing list