Matching a prefix in huntgroups file
Brian Candler
b.candler at pobox.com
Sun Nov 6 17:53:09 CET 2016
Here's something odd then when trying out the "<" operator to check for
address within prefix.
(0) policy foo {
(0) if (10.254.1.1 < 10.254.0.0/16) {
(0) if (10.254.1.1 < 10.254.0.0/16) -> FALSE
(0) update {
(0) request:NAS-IP-Address := 10.254.1.1
(0) } # update = noop
(0) if (&NAS-IP-Address < 10.254.0.0/16) {
(0) if (&NAS-IP-Address < 10.254.0.0/16) -> TRUE
(0) if (&NAS-IP-Address < 10.254.0.0/16) {
(0) update {
(0) Tmp-String-1 := "BBB"
(0) } # update = noop
(0) } # if (&NAS-IP-Address < 10.254.0.0/16) = noop
(0) } # policy foo = noop
It seems the operator behaves differently for a literal versus an attribute?
Making the literal explicitly an IPv4 prefix rather than IPv4 address
doesn't change this.
(0) policy foo {
(0) if (10.254.1.1/32 < 10.254.0.0/16) {
(0) if (10.254.1.1/32 < 10.254.0.0/16) -> FALSE
More information about the Freeradius-Users
mailing list