dhcpd/dhcpd.conf

Mon, 20 Apr 2009 19:22:00 +0200

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 20 Apr 2009 19:22:00 +0200
changeset 178
0ba300bdf30a
permissions
-rw-r--r--

Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintaining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.

##
##  dhcpd.conf -- ISC DHCP Daemon Configuration
##
##  Sample configuration. The domain name (example.com), the 192.168.1.0/24
##  network and the 01:02:03:00:00:xx hardware addresses are placeholders to
##  be replaced by site values; the quux* hosts are illustrative.
##

#   Options applicable to all subnets
option domain-name "example.com";
#   Declare this server authoritative for the networks it serves, so that it
#   actively refuses (rather than silently ignores) requests for addresses it
#   does not consider valid here.
authoritative;
default-lease-time 600;
max-lease-time 7200;
#   Dynamic DNS updates are switched off globally; the ddns-* settings in
#   the subnet declaration below have no effect while this stays "none".
ddns-update-style none;
#   Hand each matching client the name of its host declaration below
#   (quux1, quux2, ...) as its hostname.
use-host-decl-names on;

#   Define some non-standard options
#   Codes 128, 130 and 131 are in the site-specific option range; the names
#   are local to this file and the codes must agree with what the FreeBSD
#   diskless client (host quux2 below) expects to receive.
option freebsd-swappath code 128 = text;
option freebsd-rootopts code 130 = text;
option freebsd-swapopts code 131 = text;

#   Test drive using loopback
#   Empty declaration: no range and no pool, so no address is ever allocated
#   from it. Presumably kept so the daemon can be started for testing on a
#   host that is not attached to the sample network below -- confirm.
subnet 127.0.0.0 netmask 255.0.0.0 {
}

#   Define a particular sample subnet
subnet 192.168.1.0 netmask 255.255.255.0 {

    #   Options applicable to this particular subnet
    option broadcast-address 192.168.1.255;
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.1;
    #   192.168.1.2 is also the TFTP/NFS boot server used by quux2 below.
    option domain-name-servers 192.168.1.2;

    #   Dynamic DNS (DDNS) Updating
    #   Off at the subnet level as well; the two domain names are kept for
    #   the day updates are enabled and are inert until then.
    ddns-updates off;
    ddns-domainname "example.com";
    ddns-rev-domainname "in-addr.arpa";

    #   Pool of known clients (i.e. MAC known but IP not specified)
    #   "Known" means the hardware address matches one of the host
    #   declarations further down (quux1..quux4). NOTE(review): a hardware
    #   address is chosen by the client and not verified by the server, so
    #   this split only decides which range and lease times a client gets;
    #   it is not an access control, since the next pool serves anyone.
    pool {
        range 192.168.1.100 192.168.1.149;
        min-lease-time      600;   # 10min
        default-lease-time  43200; # 12hour
        max-lease-time      86400; # 24hour
        deny unknown clients;
    }

    #   Pool of unknown clients (i.e. MAC not known)
    #   Any client on this network can obtain an address here; the shorter
    #   leases limit how long an unknown client holds one.
    pool {
        range 192.168.1.150 192.168.1.199;
        min-lease-time      300;   # 5min
        default-lease-time  3600;  # 1hour
        max-lease-time      10800; # 3hour
        allow unknown clients;
    }
}

#   The list of clients we explicitly configure
#   Hosts in this group receive a fixed address instead of one from the
#   pools above.
group {
    #   Just assign a fixed IP address for machine "quux1"
    host quux1 {
        hardware ethernet 01:02:03:00:00:01;
        fixed-address 192.168.1.3;
    }

    #   Provide full boot information for a FreeBSD diskless client "quux2":
    #   On the server, create a 32MB swapfile /dlc/fs/swap/swap.192.168.1.4
    #   with `dd if=/dev/zero of=swap.192.168.1.4 bs=1m count=32' and the
    #   filesystem /dlc/fs/quux2 with `cd /usr/src; make buildworld; make
    #   installworld DESTDIR=/dlc/fs/quux2'. Then use Etherboot for booting.
    #   NOTE(review): the boot chain trusts 192.168.1.2 for the kernel (TFTP)
    #   and for the root and swap filesystems (NFS, mounted read-write per
    #   freebsd-rootopts "rw" below). The NFS exports are configured on the
    #   server, not in this file, and should be restricted to this client's
    #   address (192.168.1.4) rather than opened to the whole subnet.
    host quux2 {
        hardware ethernet 01:02:03:00:00:02;
        fixed-address 192.168.1.4;
        #   Boot server for the kernel image named in "filename".
        next-server 192.168.1.2;
        option tftp-server-name "192.168.1.2";
        filename "kernel.quux";
        #   Reply in RFC 1048 format even when the request does not announce
        #   support for it; some BOOTP-style loaders (Etherboot here) need it.
        always-reply-rfc1048 on;
        option root-path "192.168.1.2:/dlc/fs/quux2";
        option freebsd-rootopts "rw,noatime";
        #   Swap directory on the same server; the client is expected to use
        #   the swap.<its-address> file created as described above.
        option swap-server 192.168.1.2;
        option freebsd-swappath "192.168.1.2:/dlc/fs/swap";
        option freebsd-swapopts "sw";
    }
}

#   The list of clients we know, but which get IP addresses from pool
#   No fixed-address: these hosts count as "known" and therefore draw from
#   the "deny unknown clients" pool (192.168.1.100-149) above.
group {
    host quux3 { hardware ethernet 01:02:03:00:00:03; }
    host quux4 { hardware ethernet 01:02:03:00:00:04; }
}
