| 1 |
Your iptables rule is almost ok, if I were you i'd do something like this: |
| 2 |
|
| 3 |
iptables -t nat -A PREROUTING -m mac --mac-source 00:19:7E:C5:02:AB -j DROP |
| 4 |
|
| 5 |
and |
| 6 |
iptables -A INPUT -m mac --mac-source 00:19:7E:C5:02:AB -j DROP |
| 7 |
|
| 8 |
That should do the job |
| 9 |
|
| 10 |
Daevid Vincent pisze: |
| 11 |
> I have my WiFi network on a hostapd controlled 10.10.10.* range and my |
| 12 |
> wired LAN on a 192.168.1.* range. |
| 13 |
> |
| 14 |
> I try to be a "nice guy" and leave the WiFi 'open' (no WEP) as it's |
| 15 |
> segregated and I use some proper shorewall rules to route things nicely |
| 16 |
> for my various privileged devices. Also, some WiFi devices I have just |
| 17 |
> don't support WEP, and it's a real hassle to get others working with |
| 18 |
> WEP. |
| 19 |
> |
| 20 |
> I don't mind the occasional person jumping on to check movie times or |
| 21 |
> traffic or get email or whatever. I think bandwidth should be free for |
| 22 |
> everyone and it is sure a life saver when you need to quickly get online |
| 23 |
> for something. |
| 24 |
> |
| 25 |
> Anyways, sometimes I have stupid neighbors who don't quite "get it" and |
| 26 |
> will just blindly let their computers connect to my WAP. UGH! They sit |
| 27 |
> on it for hours and days and generally piss me off. |
| 28 |
> |
| 29 |
> How can I boot someone off my network? I usually add them to my |
| 30 |
> shorewall blacklist file, and then: |
| 31 |
> |
| 32 |
> /etc/init.d/dhcp restart |
| 33 |
> /etc/init.d/shorewall restart |
| 34 |
> |
| 35 |
> But I still see them on there it seems. |
| 36 |
> http://daevid.com/examples/dhcp |
| 37 |
> (essentially it's doing an 'arp -n' and then I parse that info and make |
| 38 |
> it pretty) |
| 39 |
> |
| 40 |
> daevid dhcp # arp -n |
| 41 |
> Address HWtype HWaddress Flags Mask |
| 42 |
> Iface |
| 43 |
> 10.10.10.7 ether 00:06:25:12:4A:D8 C |
| 44 |
> wlan0 |
| 45 |
> 10.10.10.27 ether 00:19:7E:C5:02:AB C |
| 46 |
> wlan0 |
| 47 |
> 67.168.160.1 ether 00:01:5C:23:D7:02 C |
| 48 |
> eth0 |
| 49 |
> 10.10.10.69 ether 00:02:6F:21:DF:5C C |
| 50 |
> wlan0 |
| 51 |
> 192.168.1.18 ether 00:0C:F1:A8:F7:F3 C |
| 52 |
> eth1 |
| 53 |
> |
| 54 |
> I googled and found this little nugget that I thought would work: |
| 55 |
> http://www.linuxforums.org/forum/linux-newbie/5752-dhcpd-iptables-deny-m |
| 56 |
> ac-addresses.html |
| 57 |
> |
| 58 |
> # iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP |
| 59 |
> |
| 60 |
> But I still see this squatter. And I can feel my network being sluggish |
| 61 |
> as they're probably downloading a lot of stuff. |
| 62 |
> |
| 63 |
> |
| 64 |
-- |
| 65 |
gentoo-user@g.o mailing list |
Archives