2 # Please read the documentation file ../doc/rlm_attr_filter
3 # for more information.
5 # This file contains security and configuration information
6 # for each realm. The first field is the realm name and
7 # can be up to 253 characters in length. This is followed (on
8 # the next line) with the list of filter rules to be used to
9 # decide what attributes we allow proxy servers to return to us
12 # When a proxy-reply request is received from a proxy server,
13 # these values are tested. Only the first match is used unless the
14 # "Fall-Through" variable is set to "Yes". In that case the rules
15 # defined in the DEFAULT case are processed as well.
17 # A special user named "DEFAULT" matches on all realm names.
18 # You can have only one DEFAULT entry. All entries are processed
19 # in the order they appear in this file. The first entry that
20 # matches the login-request will stop processing unless you use
21 # the Fall-Through variable.
23 # Indented (with the tab character) lines following the first
24 # line indicate the filter rules to be used by the server to
26 # You can include another `attrs' file with `$INCLUDE attrs.other'
30 # This is a complete entry for "fisp". Note that there is no Fall-Through
31 # entry so that no DEFAULT entry will be used, and the server will NOT
32 # allow any other a/v pairs other than the ones listed here.
35 # o Only Framed-User Service-Types ( no telnet, rlogin, tcp-clear )
36 # o PPP sessions ( no SLIP, CSLIP, etc. )
37 # o dynamic ip assignment ( can't assign a static ip )
38 # o an idle timeout value set to 600 seconds (10 min) or less
39 # o a max session time set to 28800 seconds (8 hours) or less
42 # Service-Type == Framed-User,
43 # Framed-Protocol == PPP,
44 # Framed-IP-Address == 255.255.255.254,
45 # Idle-Timeout <= 600,
46 # Session-Timeout <= 28800
50 # This is a complete entry for "tisp". Note that there is no Fall-Through
51 # entry so that no DEFAULT entry will be used, and the server will NOT
52 # allow any other a/v pairs other than the ones listed here.
55 # o Only Login-User Service-Type ( no framed/ppp sessions )
56 # o Telnet sessions only ( no rlogin, tcp-clear )
57 # o Login hosts of either 192.168.1.1 or 192.168.1.2
60 # Service-Type == Login-User,
61 # Login-Service == Telnet,
62 # Login-TCP-Port == 23,
63 # Login-IP-Host == 192.168.1.1
64 # Login-IP-Host == 192.168.1.2
67 # This is a complete entry for "spamrealm". Fall-Through is used, so
68 # that the DEFAULT filter rules are used in addition to these.
71 # o Force the application of Filter-ID attribute to be returned
72 # in the proxy reply, whether the proxy sent it or not.
73 # o The standard DEFAULT rules as defined below
76 # Framed-Filter-Id := "nosmtp.in",
80 # The rest of this file contains the DEFAULT entry.
81 # DEFAULT matches with all realm names.
85 Service-Type == Framed-User,
86 Service-Type == Login-User,
87 Login-Service == Telnet,
88 Login-Service == Rlogin,
89 Login-Service == TCP-Clear,
90 Login-TCP-Port <= 65536,
91 Framed-IP-Address == 255.255.255.254,
92 Framed-IP-Netmask == 255.255.255.255,
93 Framed-Protocol == PPP,
94 Framed-Protocol == SLIP,
95 Framed-Compression == Van-Jacobson-TCP-IP,
97 Framed-Filter-ID =* ANY,
100 Session-Timeout <= 28800,