1 files changed, 61 insertions, 0 deletions

diff --git a/raddb/mods-available/attr_filter b/raddb/mods-available/attr_filter
new file mode 100644
index 0000000..a23d3c0
--- /dev/null
+++ b/raddb/mods-available/attr_filter
@@ -0,0 +1,61 @@
+# -*- text -*-
+#
+#  $Id$
+
+#
+#  This file defines a number of instances of the "attr_filter" module.
+#
+
+# attr_filter - filters the attributes received in replies from
+# proxied servers, to make sure we send back to our RADIUS client
+# only allowed attributes.
+attr_filter attr_filter.post-proxy {
+	key = "%{Realm}"
+	filename = ${modconfdir}/${.:name}/post-proxy
+}
+
+# attr_filter - filters the attributes in the packets we send to
+# the RADIUS home servers.
+attr_filter attr_filter.pre-proxy {
+	key = "%{Realm}"
+	filename = ${modconfdir}/${.:name}/pre-proxy
+}
+
+# Enforce RFC requirements on the contents of Access-Reject
+# packets.  See the comments at the top of the file for
+# more details.
+#
+attr_filter attr_filter.access_reject {
+	key = "%{User-Name}"
+	filename = ${modconfdir}/${.:name}/access_reject
+}
+
+# Enforce RFC requirements on the contents of Access-Challenge
+# packets.  See the comments at the top of the file for
+# more details.
+#
+attr_filter attr_filter.access_challenge {
+	key = "%{User-Name}"
+	filename = ${modconfdir}/${.:name}/access_challenge
+}
+
+
+#  Enforce RFC requirements on the contents of the
+#  Accounting-Response packets.  See the comments at the
+#  top of the file for more details.
+#
+attr_filter attr_filter.accounting_response {
+	key = "%{User-Name}"
+	filename = ${modconfdir}/${.:name}/accounting_response
+}
+
+#
+#  Enforce CoA or Disconnect packets.
+#
+#  Note that you MUST edit the "coa" file below for your
+#  local configuration.  Add in any attributes needed by the NAS.
+#
+attr_filter attr_filter.coa {
+	key = "%{User-Name}"
+	filename = ${modconfdir}/${.:name}/coa
+}