| 1 |
I have my WiFi network on a hostapd controlled 10.10.10.* range and my |
| 2 |
wired LAN on a 192.168.1.* range. |
| 3 |
|
| 4 |
I try to be a "nice guy" and leave the WiFi 'open' (no WEP) as it's |
| 5 |
segregated and I use some proper shorewall rules to route things nicely |
| 6 |
for my various privileged devices. Also, some WiFi devices I have just |
| 7 |
don't support WEP, and it's a real hassle to get others working with |
| 8 |
WEP. |
| 9 |
|
| 10 |
I don't mind the occasional person jumping on to check movie times or |
| 11 |
traffic or get email or whatever. I think bandwidth should be free for |
| 12 |
everyone and it is sure a life saver when you need to quickly get online |
| 13 |
for something. |
| 14 |
|
| 15 |
Anyways, sometimes I have stupid neighbors who don't quite "get it" and |
| 16 |
will just blindly let their computers connect to my WAP. UGH! They sit |
| 17 |
on it for hours and days and generally piss me off. |
| 18 |
|
| 19 |
How can I boot someone off my network? I usually add them to my |
| 20 |
shorewall blacklist file, and then: |
| 21 |
|
| 22 |
/etc/init.d/dhcp restart |
| 23 |
/etc/init.d/shorewall restart |
| 24 |
|
| 25 |
But I still see them on there it seems. |
| 26 |
http://daevid.com/examples/dhcp |
| 27 |
(essentially it's doing an 'arp -n' and then I parse that info and make |
| 28 |
it pretty) |
| 29 |
|
| 30 |
daevid dhcp # arp -n |
| 31 |
Address HWtype HWaddress Flags Mask |
| 32 |
Iface |
| 33 |
10.10.10.7 ether 00:06:25:12:4A:D8 C |
| 34 |
wlan0 |
| 35 |
10.10.10.27 ether 00:19:7E:C5:02:AB C |
| 36 |
wlan0 |
| 37 |
67.168.160.1 ether 00:01:5C:23:D7:02 C |
| 38 |
eth0 |
| 39 |
10.10.10.69 ether 00:02:6F:21:DF:5C C |
| 40 |
wlan0 |
| 41 |
192.168.1.18 ether 00:0C:F1:A8:F7:F3 C |
| 42 |
eth1 |
| 43 |
|
| 44 |
I googled and found this little nugget that I thought would work: |
| 45 |
http://www.linuxforums.org/forum/linux-newbie/5752-dhcpd-iptables-deny-m |
| 46 |
ac-addresses.html |
| 47 |
|
| 48 |
# iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP |
| 49 |
|
| 50 |
But I still see this squatter. And I can feel my network being sluggish |
| 51 |
as they're probably downloading a lot of stuff. |
| 52 |
|
| 53 |
-- |
| 54 |
gentoo-user@g.o mailing list |
Archives