Rejecting access by IP
Peter Lambrechtsen
peter at crypt.nz
Sun Jun 26 07:40:59 CEST 2016
You didn't close the brackets on the if statement, and I would put the
reply message before reject otherwise it won't get sent as reject stops all
processing, plus I would escape the "." from the IP address otherwise it
matches anything.
if ( Calling-Station-Id =~ /^121\.32/ ) {
update reply {
Reply-Message = "GeoAccess Error"
}
reject
}
On Sun, Jun 26, 2016 at 4:29 PM, Noel Butler <noel.butler at ausics.net> wrote:
> On 26/06/2016 13:52, Laura Steynes wrote:
>
>> Hello,
>>
>> I am trying to reject without trying access database, any one from an IP
>> range.
>>
>> In this case it is 121.32.x.x
>>
>> Google has shown some have success using a single IP use
>> Calling-Station_Id == 1.2.3.4 But I need to omit a range, however this
>> seems not to work, any ideas or suggestions muchly appreciated.
>>
>> if (Calling-Station-Id =~ /^121.32/ {
>>
>
> Not sure if this is your sole problem, but closing bracket after regex ?
>
> radiusd -X would be your next step
>
>
> reject
>> update reply {
>> Reply-Message = "GeoAccess Error"
>>
>
> Hrmmm, this might also need be := rather than just = but I'll leave that
> to someone more knowledgeable than I to confirm
>
> }
>> }
>>
>> Loz
>> -
>>
>
> --
> If you have the urge to reply to all rather than reply to list, you best
> first read http://members.ausics.net/qwerty/
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list