Matching a prefix in huntgroups file
Brian Candler
b.candler at pobox.com
Fri Nov 4 22:56:44 CET 2016
On 04/11/2016 16:59, Alan DeKok wrote:
>> But does that mean you can test for an IP address being within a prefix? If so, which operator would you use? I tried:
>> >
>> > if (&NAS-IP-Address == 10.254.0.0/16) { ...
> That should work. There are tests for it.
Doesn't seem to. Here's a testing entry in policy.d/foo
foo {
if (10.254.1.1 == 10.254.0.0/16) {
update {
Tmp-String-0 := "AAA"
}
}
update {
request:NAS-IP-Address := 10.254.1.1
}
if (&NAS-IP-Address == 10.254.0.0/16) {
update {
Tmp-String-1 := "BBB"
}
}
}
and here's the debug output:
(0) policy foo {
(0) if (10.254.1.1 == 10.254.0.0/16) {
(0) if (10.254.1.1 == 10.254.0.0/16) -> FALSE
(0) update {
(0) request:NAS-IP-Address := 10.254.1.1
(0) } # update = noop
(0) if (&NAS-IP-Address == 10.254.0.0/16) {
(0) if (&NAS-IP-Address == 10.254.0.0/16) -> FALSE
(0) } # policy foo = noop
>
> Or, just cast NAS-IP-Address to <ipv4prefix>
>
That doesn't seem to work either:
(0) policy foo {
(0) if (<ipv4prefix>10.254.1.1 == 10.254.0.0/16) {
(0) if (<ipv4prefix>10.254.1.1 == 10.254.0.0/16) -> FALSE
(0) update {
(0) request:NAS-IP-Address := 10.254.1.1
(0) } # update = noop
(0) if (<ipv4prefix>&NAS-IP-Address == 10.254.0.0/16) {
(0) if (<ipv4prefix>&NAS-IP-Address == 10.254.0.0/16) -> FALSE
(0) } # policy foo = noop
The above tests done on ubuntu 16.04, with freeradius 3.0.12 from the PPA.
Regards,
Brian.
More information about the Freeradius-Users
mailing list