author | jim-p <jimp@pfsense.org> | 2012-09-13 21:15:43 -0400 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2012-09-13 21:15:43 -0400 |
commit | 1f1a08c85b7e8ddc6473795534ed5422a2c5aaaf (patch) | |
tree | abc8057a57e98803fe99ddb8c70f3e7fdf7d01b3 /etc | |
parent | e288ddb111d0d7b00ec33b0672ed7ea2c417f629 (diff) | |
Allow/deny access to DHCP by partial MAC matching.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/services.inc | 18 | ||||
-rw-r--r-- | etc/inc/util.inc | 5 |
2 files changed, 21 insertions, 2 deletions
diff --git a/etc/inc/services.inc b/etc/inc/services.inc
index 6cea972..ffc15e8 100644
--- a/etc/inc/services.inc
+++ b/etc/inc/services.inc
@@ -535,6 +535,14 @@ EOPP;
 $dnscfg .= " option domain-name-servers " . join(",", $syscfg['dnsserver']) . ";";
 }
 
+ /* Create classes */
+ $all_mac_list = array_unique(explode(',', $dhcpifconf['mac_allow'] . ',' . $dhcpifconf['mac_deny']));
+ foreach ($all_mac_list as $mac) {
+ $dhcpdconf .= 'class "' . str_replace(':', '', $mac) . '" {' . "\n";
+ $dhcpdconf .= ' match if substring (hardware, 1, ' . (substr_count($mac, ':') + 1) . ') = ' . $mac . ';' . "\n";
+ $dhcpdconf .= '}' . "\n";
+ }
+
 $dhcpdconf .= "subnet {$subnet} netmask {$subnetmask} {\n";
 $dhcpdconf .= " pool {\n";
 
@@ -546,6 +554,16 @@ EOPP;
 $dhcpdconf .= ";\n";
 }
 
+ /* allow/deny MACs */
+ $mac_allow_list = array_unique(explode(',', $dhcpifconf['mac_allow']));
+ foreach ($mac_allow_list as $mac) {
+ $dhcpdconf .= " allow members of \"" . str_replace(':', '', $mac) . "\";\n";
+ }
+ $mac_deny_list = array_unique(explode(',', $dhcpifconf['mac_deny']));
+ foreach ($mac_deny_list as $mac) {
+ $dhcpdconf .= " deny members of \"" . str_replace(':', '', $mac) . "\";\n";
+ }
+
 if($dhcpifconf['failover_peerip'] <> "")
 $dhcpdconf .= " deny dynamic bootp clients;\n";
 
diff --git a/etc/inc/util.inc b/etc/inc/util.inc
index 881537f..e7a0734 100644
--- a/etc/inc/util.inc
+++ b/etc/inc/util.inc
@@ -604,8 +604,9 @@ function is_domain($domain) {
 }
 
 /* returns true if $macaddr is a valid MAC address */
-function is_macaddr($macaddr) {
- return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){5}$/i', $macaddr) == 1 ? true : false;
+function is_macaddr($macaddr, $partial=false) {
+ $repeat = ($partial) ? '1,5' : '5';
+ return preg_match('/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){'.$repeat.'}$/i', $macaddr) == 1 ? true : false;
 }
 
 /* returns true if $name is a valid name for an alias */ |
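Review bot: Empty list entries are not skipped in the `foreach ($all_mac_list as $mac)` loop: when `mac_allow` and `mac_deny` are both unset, the `explode()` on `'' . ',' . ''` still yields an empty string, so the loop writes `class "" {` and a `match if substring (hardware, 1, 1) = ;` line into dhcpd.conf, which dhcpd is likely to reject when it parses the file. The two loops in the next services.inc hunk share this and would emit `allow members of "";` / `deny members of "";`. `$mac` is also written into the config untrimmed and unquoted, so the generator depends on every caller having validated it; a guard at the top of each loop such as `$mac = trim($mac);` followed by `if (!is_macaddr($mac, true)) continue;` would cover both cases, assuming util.inc is loaded at this point. The enclosing function begins and ends outside the hunk.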
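Review bot: The `/* allow/deny MACs */` comment does not say what these statements do to the pool, which is the part an operator needs to know: per dhcpd.conf(5), once a pool carries any `allow` entry only clients matching an allowed class are served, and a matching `deny` overrides an allow. I would expand it to something like `/* allow/deny MACs: any allow entry restricts the pool to the allowed classes; deny takes precedence */`. It is also worth stating, here or in the GUI help text, that the hardware address is supplied by the client, so this is address-assignment policy rather than authentication. The enclosing block begins and ends outside the hunk.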
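Review bot: The `$` anchor in the new `preg_match` pattern also matches just before a trailing newline, so a value such as a constructed `00:11\n` passes `is_macaddr()`; since this validator presumably gates what services.inc writes unquoted into dhcpd.conf, I would end the pattern with `\z` (or add the `D` modifier): `'/^[0-9A-F]{2}(?:[:][0-9A-F]{2}){'.$repeat.'}\z/i'`. The comment above the function also still describes only the full-address case; with `$partial` true, `{1,5}` accepts two to six octets and rejects a single octet, which should be stated, e.g. `/* returns true if $macaddr is a valid MAC address; with $partial, a 2- to 5-octet prefix is also accepted */`.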