I have read through a lot of the archives concerning IP filtering similar to Ascend-Data-Filter. I would like to refrain from setting up "filters" on the TC. I would rather send the filters down dynamically from the radius server.

I have added the following radius attributes to my sql server for passing the filters down to the user on login.

USR-IP-Input-Filter = "1 AND tcp-dst-port = 25",

USR-IP-Input-Filter = "2 REJECT dst-addr != X.X.X.X/24",

USR-IP-Input-Filter = "3 PERMIT"

Please not that my Radius server automatically translates this attribute to IP-Input-Filter. I have read through some TC documentation that refers to IP-Input-Filter and says that the AND statement comes before the REJECT statement BUT to number the rules in order. However, I have seen in the list that they are number out of order, 2, 1, 3 per say. If I number these in this order the user cannot connect. If I use the order above the user can connect but the filters do not apply. I am stumped. Any help would be appreciated. *Yes that is a class C for my mail server.