diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 14:11:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 14:11:00 +0000 |
commit | af754e596a8dbb05ed8580c342e7fe02e08b28e0 (patch) | |
tree | b2f334c2b55ede42081aa6710a72da784547d8ea /raddb/mods-available/attr_filter | |
parent | Initial commit. (diff) | |
download | freeradius-af754e596a8dbb05ed8580c342e7fe02e08b28e0.tar.xz freeradius-af754e596a8dbb05ed8580c342e7fe02e08b28e0.zip |
Adding upstream version 3.2.3+dfsg.upstream/3.2.3+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'raddb/mods-available/attr_filter')
-rw-r--r-- | raddb/mods-available/attr_filter | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/raddb/mods-available/attr_filter b/raddb/mods-available/attr_filter new file mode 100644 index 0000000..a23d3c0 --- /dev/null +++ b/raddb/mods-available/attr_filter @@ -0,0 +1,61 @@ +# -*- text -*- +# +# $Id$ + +# +# This file defines a number of instances of the "attr_filter" module. +# + +# attr_filter - filters the attributes received in replies from +# proxied servers, to make sure we send back to our RADIUS client +# only allowed attributes. +attr_filter attr_filter.post-proxy { + key = "%{Realm}" + filename = ${modconfdir}/${.:name}/post-proxy +} + +# attr_filter - filters the attributes in the packets we send to +# the RADIUS home servers. +attr_filter attr_filter.pre-proxy { + key = "%{Realm}" + filename = ${modconfdir}/${.:name}/pre-proxy +} + +# Enforce RFC requirements on the contents of Access-Reject +# packets. See the comments at the top of the file for +# more details. +# +attr_filter attr_filter.access_reject { + key = "%{User-Name}" + filename = ${modconfdir}/${.:name}/access_reject +} + +# Enforce RFC requirements on the contents of Access-Challenge +# packets. See the comments at the top of the file for +# more details. +# +attr_filter attr_filter.access_challenge { + key = "%{User-Name}" + filename = ${modconfdir}/${.:name}/access_challenge +} + + +# Enforce RFC requirements on the contents of the +# Accounting-Response packets. See the comments at the +# top of the file for more details. +# +attr_filter attr_filter.accounting_response { + key = "%{User-Name}" + filename = ${modconfdir}/${.:name}/accounting_response +} + +# +# Enforce CoA or Disconnect packets. +# +# Note that you MUST edit the "coa" file below for your +# local configuration. Add in any attributes needed by the NAS. +# +attr_filter attr_filter.coa { + key = "%{User-Name}" + filename = ${modconfdir}/${.:name}/coa +} |