This adds in the option to have "deny known clients" in dhcpd.conf.
This is applied to the range command, so it applies to the dynamic addresses
given.
If you have just a range statement, say in blue, then if you are not using
VLANs you could have the situation where a known host in green might end
up getting a lease from the blue range. Here a deny known-clients makes
sense. Your range in this case would be limited to only unknown clients if
deny known-clients was selected.
dhcp WUI has been modified to add in this command. Error message has been
added to check that a range has been specified if the deny unknown clients
checkbox has been selected.
Language files updated with additional items (English, German & Dutch).
For more information on the history of this please see the bugzilla entry
Signed-off-by: Adolf Belka <ahb.ipfire(a)gmail.com>
---
doc/language_issues.en | 2 ++
doc/language_issues.es | 2 ++
doc/language_issues.fr | 2 ++
doc/language_issues.it | 2 ++
doc/language_issues.pl | 2 ++
doc/language_issues.ru | 2 ++
doc/language_issues.tr | 2 ++
doc/language_missings | 12 ++++++++++++
html/cgi-bin/dhcp.cgi | 19 ++++++++++++++++++-
langs/de/cgi-bin/de.pl | 2 ++
langs/en/cgi-bin/en.pl | 2 ++
langs/nl/cgi-bin/nl.pl | 2 ++
12 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/doc/language_issues.en b/doc/language_issues.en
index b3c46de5e..3955d3ae7 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -574,6 +574,7 @@ WARNING: untranslated string: dhcp advopt value = Option value
WARNING: untranslated string: dhcp allow bootp = Allow bootp clients
WARNING: untranslated string: dhcp bootp pxe data = Enter optional bootp pxe data for this fixed lease
WARNING: untranslated string: dhcp configuration = DHCP configuration
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
@@ -582,6 +583,7 @@ WARNING: untranslated string: dhcp dns update secret = Secret
WARNING: untranslated string: dhcp server = DHCP Server
WARNING: untranslated string: dhcp server disabled = DHCP server disabled. Stopped.
WARNING: untranslated string: dhcp server enabled = DHCP server enabled. Restarting.
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: dhcp-options = DHCP push options
WARNING: untranslated string: dial = Connect
WARNING: untranslated string: dial profile = Connect with profile
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 9f62f03f2..2cd36a5a1 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -886,11 +886,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
WARNING: untranslated string: dhcp dns update algo = Algorithm
WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: disable = Disable
WARNING: untranslated string: disconnected = Disconnected
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 90a745360..279e1ba37 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -879,6 +879,8 @@ WARNING: translation string unused: zoneconf val vlan tag assignment error
WARNING: translation string unused: zoneconf val zoneslave amount error
WARNING: untranslated string: asn lookup failed = AS lookup failed
WARNING: untranslated string: autonomous system = Autonomous System
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: dns enable safe-search youtube = Include YouTube in Safe Search
WARNING: untranslated string: fwhost cust locationgrp = unknown string
WARNING: untranslated string: fwhost err hostip = unknown string
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 62e4f9953..4ac4754dc 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -911,11 +911,13 @@ WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
WARNING: untranslated string: dhcp dns update algo = Algorithm
WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: disable = Disable
WARNING: untranslated string: disconnected = Disconnected
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 9f62f03f2..2cd36a5a1 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -886,11 +886,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
WARNING: untranslated string: dhcp dns update algo = Algorithm
WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: disable = Disable
WARNING: untranslated string: disconnected = Disconnected
WARNING: untranslated string: dl client arch insecure = Download insecure Client Package (zip)
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 5d16e0b18..a333d9939 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -888,11 +888,13 @@ WARNING: untranslated string: dh key move failed = Diffie-Hellman parameters mov
WARNING: untranslated string: dh key warn = Creating DH-parameters with a length of 2048 bits takes up to several minutes. Lengths of 3072 or 4096 bits might needs several hours. Please be patient.
WARNING: untranslated string: dh key warn1 = For weak systems or systems with little entropy, it is recommended to upload long Diffie-Hellman parameters by usage of the upload function.
WARNING: untranslated string: dh parameter = Diffie-Hellman parameters
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
WARNING: untranslated string: dhcp dns enable update = Enable DNS Update (RFC2136):
WARNING: untranslated string: dhcp dns key name = Key Name
WARNING: untranslated string: dhcp dns update = DNS Update
WARNING: untranslated string: dhcp dns update algo = Algorithm
WARNING: untranslated string: dhcp dns update secret = Secret
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: disable = Disable
WARNING: untranslated string: disconnected = Disconnected
WARNING: untranslated string: disk access = Disk Access
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 26530a923..a080ee54f 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -894,6 +894,8 @@ WARNING: untranslated string: crypto warning = Cryptographic warning
WARNING: untranslated string: dangerous = Dangerous
WARNING: untranslated string: default IP address = Default IP Address
WARNING: untranslated string: desired = Desired
+WARNING: untranslated string: dhcp deny known clients: = Deny known clients:
+WARNING: untranslated string: dhcp valid range required when deny known clients checked = Valid range required when "Deny known clients:" is checked
WARNING: untranslated string: disable = Disable
WARNING: untranslated string: disconnected = Disconnected
WARNING: untranslated string: dns check servers = Check DNS Servers
diff --git a/doc/language_missings b/doc/language_missings
index 12e341402..ad70d5241 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -222,11 +222,13 @@
< desired
< details
< dh
+< dhcp deny known clients:
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
< dhcp dns update algo
< dhcp dns update secret
+< dhcp valid range required when deny known clients checked
< dh key move failed
< dh key warn
< dh key warn1
@@ -962,6 +964,8 @@
< autonomous system
< bewan adsl pci st
< bewan adsl usb
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
< dns enable safe-search youtube
< g.dtm
< g.lite
@@ -1061,11 +1065,13 @@
< dangerous
< default IP address
< desired
+< dhcp deny known clients:
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
< dhcp dns update algo
< dhcp dns update secret
+< dhcp valid range required when deny known clients checked
< disable
< Disabled
< disconnected
@@ -1945,11 +1951,13 @@
< desired
< details
< dh
+< dhcp deny known clients:
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
< dhcp dns update algo
< dhcp dns update secret
+< dhcp valid range required when deny known clients checked
< dh key move failed
< dh key warn
< dh key warn1
@@ -2822,11 +2830,13 @@
< desired
< details
< dh
+< dhcp deny known clients:
< dhcp dns enable update
< dhcp dns key name
< dhcp dns update
< dhcp dns update algo
< dhcp dns update secret
+< dhcp valid range required when deny known clients checked
< dh key move failed
< dh key warn
< dh key warn1
@@ -3568,6 +3578,8 @@
< dangerous
< default IP address
< desired
+< dhcp deny known clients:
+< dhcp valid range required when deny known clients checked
< disable
< Disabled
< disconnected
diff --git a/html/cgi-bin/dhcp.cgi b/html/cgi-bin/dhcp.cgi
index 8c57c675d..2ebdde818 100644
--- a/html/cgi-bin/dhcp.cgi
+++ b/html/cgi-bin/dhcp.cgi
@@ -74,6 +74,7 @@ foreach my $itf (@ITFs) {
$dhcpsettings{"DNS_UPDATE_KEY_NAME_${itf}"} = '';
$dhcpsettings{"DNS_UPDATE_KEY_SECRET_${itf}"} = '';
$dhcpsettings{"DNS_UPDATE_KEY_ALGO_${itf}"} = '';
+ $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} = 'off';
}
$dhcpsettings{'SORT_FLEASELIST'} = 'FIPADDR';
@@ -175,9 +176,16 @@ if ($dhcpsettings{'ACTION'} eq $Lang::tr{'save'}) {
}
}
+ if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') {
+ if (($dhcpsettings{"START_ADDR_${itf}"}) eq '' && ($dhcpsettings{"END_ADDR_${itf}"}) eq '') {
+ $errormessage = "DHCP on ${itf}: " . $Lang::tr{'dhcp valid range required when deny known clients checked'};
+ goto ERROR;
+ }
+
if (!($dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
$errormessage = "DHCP on ${itf}: " . $Lang::tr{'invalid default lease time'} . $dhcpsettings{'DEFAULT_LEASE_TIME_${itf}'};
goto ERROR;
+ }
}
if (!($dhcpsettings{"MAX_LEASE_TIME_${itf}"} =~ /^\d+$/)) {
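Review bot: The brace placement in this hunk nests the DEFAULT_LEASE_TIME check inside the new DENY_KNOWN_CLIENTS block. The added `}` after the second `goto ERROR;` closes the lease-time `if`, and the pre-existing `}` then closes `if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on') {`, so an invalid default lease time is only rejected when the checkbox is on. Close the new block directly after the range check and drop the extra `}` so the lease-time validation stays unconditional. The range test also joins the two empty-string comparisons with `&&`, so a range with only START_ADDR or only END_ADDR filled in passes; `||` would match the "valid range required" message.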
@@ -548,6 +556,7 @@ foreach my $itf (@ITFs) {
my %checked=();
$checked{'ENABLE'}{'on'} = ( $dhcpsettings{"ENABLE_${itf}"} ne 'on') ? '' : "checked='checked'";
$checked{'ENABLEBOOTP'}{'on'} = ( $dhcpsettings{"ENABLEBOOTP_${itf}"} ne 'on') ? '' : "checked='checked'";
+ $checked{'DENY_KNOWN_CLIENTS'}{'on'} = ( $dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} ne 'on') ? '' : "checked='checked'";
if ($netsettings{"${itf}_DEV"} ne '' ) { # Show only defined interface
my $lc_itf=lc($itf);
@@ -563,6 +572,9 @@ print <<END
<td width='25%'><input type='text' name='START_ADDR_${itf}' value='$dhcpsettings{"START_ADDR_${itf}"}' /></td>
<td width='25%' class='base'>$Lang::tr{'end address'} <img src='/blob.gif' alt='*' /></td>
<td width='25%'><input type='text' name='END_ADDR_${itf}' value='$dhcpsettings{"END_ADDR_${itf}"}' /></td>
+</tr><tr>
+ <td class='base'>$Lang::tr{'dhcp deny known clients:'}</td>
+ <td><input type='checkbox' name='DENY_KNOWN_CLIENTS_${itf}' $checked{'DENY_KNOWN_CLIENTS'}{'on'} /></td>
</tr><tr>
<td class='base'>$Lang::tr{'default lease time'} <img src='/blob.gif' alt='*' /></td>
<td><input type='text' name='DEFAULT_LEASE_TIME_${itf}' value='$dhcpsettings{"DEFAULT_LEASE_TIME_${itf}"}' /></td>
@@ -1264,7 +1276,12 @@ sub buildconf {
if ($dhcpsettings{"ENABLE_${itf}"} eq 'on' ){
print FILE "subnet " . $netsettings{"${itf}_NETADDRESS"} . " netmask ". $netsettings{"${itf}_NETMASK"} . " #$itf\n";
print FILE "{\n";
- print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n" if ($dhcpsettings{"START_ADDR_${itf}"});
+ if ($dhcpsettings{"START_ADDR_${itf}"}) {
+ print FILE "pool {\n";
+ print FILE "\trange " . $dhcpsettings{"START_ADDR_${itf}"} . ' ' . $dhcpsettings{"END_ADDR_${itf}"}.";\n";
+ print FILE "\tdeny known-clients;\n" if ($dhcpsettings{"DENY_KNOWN_CLIENTS_${itf}"} eq 'on');
+ print FILE " }\n"; # pool
+ }
print FILE "\toption subnet-mask " . $netsettings{"${itf}_NETMASK"} . ";\n";
print FILE "\toption domain-name \"" . $dhcpsettings{"DOMAIN_NAME_${itf}"} . "\";\n";
print FILE "\toption routers " . $netsettings{"${itf}_ADDRESS"} . ";\n";
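Review bot: In buildconf the `pool { ... }` wrapper is written whenever START_ADDR is set, not only when DENY_KNOWN_CLIENTS is 'on', so the generated dhcpd.conf changes for every interface that has a range. Either state that in the commit message or emit the wrapper only when the option is on. The test is still on START_ADDR alone, so a missing END_ADDR would produce a one-address range inside the pool. The `"pool {\n"` and `" }\n"` prints also lack the leading `\t` that the neighbouring lines use, which leaves the generated file unevenly indented.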
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index 2fb46e741..38c9783f8 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -781,6 +781,7 @@
'dhcp bootp pxe data' => 'Geben Sie optionale BOOTP-PXE-Daten für diese feste Zuordnung ein',
'dhcp configuration' => 'DHCP-Konfiguration',
'dhcp create fixed leases' => 'Feste Zuordnungen erzeugen',
+'dhcp deny known clients:' => 'Bekannte Clients verweigern:',
'dhcp dns enable update' => 'DNS-Update nach RFC 2136 aktivieren:',
'dhcp dns key name' => 'Schlüsselname',
'dhcp dns update' => 'DNS-Update',
@@ -792,6 +793,7 @@
'dhcp server' => 'DHCP-Server',
'dhcp server disabled' => 'DHCP-Server deaktiviert. Angehalten.',
'dhcp server enabled' => 'DHCP-Server aktiviert. Starte neu.',
+'dhcp valid range required when deny known clients checked' => 'Gültiger Bereich erforderlich, wenn "Bekannte Clients verweigern:" aktiviert ist',
'dhcp-options' => 'DHCP push Optionen',
'dial' => 'Verbinden',
'dial profile' => 'Verbinde mit Profil',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index b5284effa..500913240 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -800,6 +800,7 @@
'dhcp bootp pxe data' => 'Enter optional bootp pxe data for this fixed lease',
'dhcp configuration' => 'DHCP configuration',
'dhcp create fixed leases' => 'Create fixed leases',
+'dhcp deny known clients:' => 'Deny known clients:',
'dhcp dns enable update' => 'Enable DNS Update (RFC2136):',
'dhcp dns key name' => 'Key Name',
'dhcp dns update' => 'DNS Update',
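Review bot: The new key 'dhcp deny known clients:' carries the trailing colon in the key itself, while the neighbouring entry 'dhcp dns enable update' keeps the colon only in the value. Dropping the colon from the key (and from the `$Lang::tr{...}` lookup in dhcp.cgi and the other language files) would keep it consistent with the surrounding keys.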
@@ -813,6 +814,7 @@
'dhcp server disabled on blue interface' => 'DHCP server disabled on BLUE interface',
'dhcp server enabled' => 'DHCP server enabled. Restarting.',
'dhcp server enabled on blue interface' => 'DHCP server enabled on BLUE interface',
+'dhcp valid range required when deny known clients checked' => 'Valid range required when "Deny known clients:" is checked',
'dhcp-options' => 'DHCP push options',
'dial' => 'Connect',
'dial profile' => 'Connect with profile',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index 53341a6f8..191a16927 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -702,6 +702,7 @@
'dhcp bootp pxe data' => 'Voer optionele bootp pxe data in voor deze vaste lease',
'dhcp configuration' => 'DHCP configuratie',
'dhcp create fixed leases' => 'Aanmaken vaste leases',
+'dhcp deny known clients:' => 'Bekende clients weigeren:',
'dhcp fixed lease err1' => 'Voor een vaste lease moet u het MAC-adres of de hostnaam invoeren, of beide.',
'dhcp fixed lease help1' => 'IP-adressen mogen ook als FQDN worden ingevoerd',
'dhcp mode' => 'DHCP',
@@ -710,6 +711,7 @@
'dhcp server disabled on blue interface' => 'DHCP server uitgeschakeld op de BLAUWE interface',
'dhcp server enabled' => 'DHCP server ingeschakeld. Herstarten.',
'dhcp server enabled on blue interface' => 'DHCP server ingeschakeld op de BLAUWE interface',
+'dhcp valid range required when deny known clients checked' => 'Geldig bereik wanneer "Bekende clients weigeren:" is aangevinkt',
'dhcp-options' => 'DHCP push opties',
'dial' => 'Verbind',
'dial profile' => 'Verbind met profile',
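Review bot: The Dutch text for 'dhcp valid range required when deny known clients checked' reads 'Geldig bereik wanneer ...' and has no word for "required", unlike the English ('Valid range required when') and German ('Gültiger Bereich erforderlich, wenn') entries in this patch. Add the missing word (for example "vereist") so the error message is a complete statement.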
--
2.29.2