Rejecting access by IP
Laura Steynes
laura.steynes72 at gmail.com
Mon Jun 27 11:19:35 CEST 2016
Hi,
After reading Noel's post I changed it and it worked - however the reject
message didn't I've just added your change as well to fix that, thank you!
On Sun, Jun 26, 2016 at 3:40 PM, Peter Lambrechtsen <peter at crypt.nz> wrote:
> You didn't close the brackets on the if statement, and I would put the
> reply message before reject otherwise it won't get sent as reject stops all
> processing, plus I would escape the "." from the IP address otherwise it
> matches anything.
>
> if ( Calling-Station-Id =~ /^121\.32/ ) {
> update reply {
> Reply-Message = "GeoAccess Error"
> }
> reject
> }
>
>
>
> On Sun, Jun 26, 2016 at 4:29 PM, Noel Butler <noel.butler at ausics.net>
> wrote:
>
> > On 26/06/2016 13:52, Laura Steynes wrote:
> >
> >> Hello,
> >>
> >> I am trying to reject without trying access database, any one from an IP
> >> range.
> >>
> >> In this case it is 121.32.x.x
> >>
> >> Google has shown some have success using a single IP use
> >> Calling-Station_Id == 1.2.3.4 But I need to omit a range, however this
> >> seems not to work, any ideas or suggestions muchly appreciated.
> >>
> >> if (Calling-Station-Id =~ /^121.32/ {
> >>
> >
> > Not sure if this is your sole problem, but closing bracket after regex ?
> >
> > radiusd -X would be your next step
> >
> >
> > reject
> >> update reply {
> >> Reply-Message = "GeoAccess Error"
> >>
> >
> > Hrmmm, this might also need be := rather than just = but I'll leave
> that
> > to someone more knowledgeable than I to confirm
> >
> > }
> >> }
> >>
> >> Loz
> >> -
> >>
> >
> > --
> > If you have the urge to reply to all rather than reply to list, you best
> > first read http://members.ausics.net/qwerty/
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list