Diffstat (limited to 'raddb/mods-config/attr_filter/pre-proxy')
-rw-r--r--raddb/mods-config/attr_filter/pre-proxy67
1 files changed, 67 insertions, 0 deletions
diff --git a/raddb/mods-config/attr_filter/pre-proxy b/raddb/mods-config/attr_filter/pre-proxy
new file mode 100644
index 0000000..36d84e8
--- /dev/null
+++ b/raddb/mods-config/attr_filter/pre-proxy
@@ -0,0 +1,67 @@
+#
+# Configuration file for the rlm_attr_filter module.
+# Please see rlm_attr_filter(5) manpage for more information.
+#
+# $Id$
+#
+# This file contains security and configuration information
+# for each realm. It can be used be an rlm_attr_filter module
+# instance to filter attributes before sending packets to the
+# home server of a realm.
+#
+# When a packet is sent to a home server, these attributes
+# and values are tested. Only the first match is used unless
+# the "Fall-Through" variable is set to "Yes". In that case
+# the rules defined in the DEFAULT case are processed as well.
+#
+# A special realm named "DEFAULT" matches on all realm names.
+# You can have only one DEFAULT entry. All entries are processed
+# in the order they appear in this file. The first entry that
+# matches the login-request will stop processing unless you use
+# the Fall-Through variable.
+#
+# The first line indicates the realm to which the rules apply.
+# Indented (with the tab character) lines following the first
+# line indicate the filter rules.
+#
+
+# This is a complete entry for 'nochap' realm. It allows to send very
+# basic attributes to the home server. Note that there is no Fall-Through
+# entry so that no DEFAULT entry will be used. Only the listed attributes
+# will be sent in the packet, all other attributes will be filtered out.
+#
+#nochap
+# User-Name =* ANY,
+# User-Password =* ANY,
+# NAS-IP-Address =* ANY,
+# NAS-Identifier =* ANY
+
+# The entry for the 'brokenas' realm removes the attribute NAS-Port-Type
+# if its value is different from 'Ethernet'. Then the default rules are
+# applied.
+#
+#brokenas
+# NAS-Port-Type == Ethernet
+# Fall-Through = Yes
+
+# The rest of this file contains the DEFAULT entry.
+# DEFAULT matches with all realm names.
+
+DEFAULT
+ User-Name =* ANY,
+ User-Password =* ANY,
+ CHAP-Password =* ANY,
+ CHAP-Challenge =* ANY,
+ MS-CHAP-Challenge =* ANY,
+ MS-CHAP-Response =* ANY,
+ EAP-Message =* ANY,
+ Message-Authenticator =* ANY,
+ State =* ANY,
+ NAS-IP-Address =* ANY,
+ NAS-Identifier =* ANY,
+ Operator-Name =* ANY,
+ Calling-Station-Id =* ANY,
+ Called-Station-Id =* ANY,
+ Operator-Name =* ANY,
+ Chargeable-User-Identity =* ANY,
+ Proxy-State =* ANY
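Review bot: The DEFAULT entry lists `Operator-Name =* ANY,` twice, once after `NAS-Identifier` and again after `Called-Station-Id`; the second occurrence is redundant and can be dropped so the allow-list is easier to audit. Because this entry is an allow-list (the file's own comments say unlisted attributes are filtered out), it is also worth checking whether `MS-CHAP2-Response` should sit next to `MS-CHAP-Response`: as written, a proxied MS-CHAPv2 request that is not carried inside EAP would presumably reach the home server without its response attribute. A one-line comment above `DEFAULT`, such as `# Allow-list: any attribute not named below is stripped before the request is proxied.`, would make the fail-closed behaviour explicit to whoever adds the next attribute. Separately, the header comment reads "It can be used be an rlm_attr_filter module", which should be "used by an".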