No subject

Giedrius Baronas g.baronas at gmail.com
Wed Nov 24 23:51:42 CET 2021 

Thanks Alan, It works :)

(1)     if ( NAS-IP-Address < 192.0.2.0/24 ){
(1)     if ( NAS-IP-Address < 192.0.2.0/24 ) -> *TRUE*
(1)     if ( NAS-IP-Address < 192.0.2.0/24 ) {
(1)       [reject] = reject
(1)     } # if ( NAS-IP-Address < 192.0.2.0/24 ) = reject
(1)   } # authorize = reject


2021-11-25, kt, 00:16 Alan DeKok <aland at deployingradius.com> rašė:

> On Nov 24, 2021, at 4:48 PM, Giedrius Baronas <g.baronas at gmail.com> wrote:
> > I read a manual about comparisons. If I write IP without network mask
> then
> > it works but if IP with mask I get error
> > Maybe who sees where I make a mistake?
>
>   You're doing a few things wrong.
>
> > From https://freeradius.org/radiusd/man/unlang.txt
> >
> >       Comparisons
> >                  (foo == bar) Compares 'foo' to 'bar', and evaluates to
> true
> >             if the comparison holds true.  Valid  comparison  operators
> are
> >             "==", "!=", "<", "<=", ">", ">=", "=~", and "!~", all with
> their
> >             usual meanings.  The operators ":=" and "=" are assignment
> oper-
> >             ators, and are not allowed for comparisons.
>
>   That's all true.
>
> >             The  operators  "<",  "<=",  ">",  and ">=" are also allowed
> for
> >             checking that an IP address is contained within a network.
>
>   Note: there's no "==" here.
>
> >   For
> >             example:       if (<ipaddr>192.0.2.1 < 192.0.2.0/24) { This
> com-
> >             parison succeeds, because the  address  192.0.2.1  is
> contained
> >             within the network 192.0.2.0/24.
>
>   That's true, too.  Once the parser knows that a particular thing is an
> IP address, it can automatically determine IP address / prefix.
>
> > My debug:
> > Wed Nov 24 21:35:27 2021 : Debug: (1)     if ( <ipaddr>NAS-IP-Address
> > == 192.0.2.0/24 ){Wed Nov 24 21:35:27 2021 : ERROR: (1)     Failed
> > casting rhs operand: Invalid IPv4 mask length "/24".  Only "/32"
> > permitted for non-prefix typesWed Nov 24 21:35:27 2021 : ERROR: (1)
> > Failed retrieving values required to evaluate condition
>
>   After some cleanup for formatting:
>
>    if ( <ipaddr>NAS-IP-Address == 192.0.2.0/24 ) {
>
>  * NAS-IP-Address is already "ipaddr" type.  You don't need to cast it to
> "ipaddr" again.
>
> * the "==" operator is not allowed for doing range comparisons.
>
>   The solution is to just do this:
>
>         if (NAS-IP-Address < 192.0.2.0/24 ) {
>
>   That checks if the NAS IP address is within the network.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Pagarbiai,
Giedrius
861569551

More information about the Freeradius-Users mailing list