device_filtering

Differences

This shows you the differences between two versions of the page.

device_filtering [2023/05/24 21:22] – [ebtables (routed environment)] hogwild
device_filtering [2023/05/24 21:38] – [Block devices via script/scheduler] - Capitalize Scheduler hogwild
Line 1: Line 1:
-====== Block devices via script/scheduler ======+====== Block devices via script/Scheduler ======
  
 The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. This is particularly true when you need to manage device blocking for a lot of devices. Scripting also allows you to schedule blocking/filtering on or off, as needed. The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. This is particularly true when you need to manage device blocking for a lot of devices. Scripting also allows you to schedule blocking/filtering on or off, as needed.
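Review bot: The edit summary "Capitalize Scheduler" covers only this heading change, while the same revision also rewrites the unblock instruction at line 36 and the hostname and SSID paragraphs at line 60. A summary that mentions the wording changes to the iptables guidance would make the page history easier to audit, since those are the edits that affect what readers type on the router.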
Line 36: Line 36:
  \\  \\
  
-# Unblock just rever whatever command replacing -I with -D e.g.\\  ''/sbin/iptables -D FORWARD -m mac --mac-source AA:BB:CC:DD:EE:FF -j DROP''+# Unblock (reverse) whatever command was issued by replacing "-Iwith "-D" :\\  ''/sbin/iptables -D FORWARD -m mac --mac-source AA:BB:CC:DD:EE:FF -j DROP''
  
  \\  \\
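Review bot: The new unblock sentence says to replace -I with -D but does not say that -D removes only one rule, and only when the specification matches the inserted rule exactly (same chain, same --mac-source, same target). If a scheduled script has run the -I command more than once, the FORWARD chain holds duplicate DROP rules and a single -D leaves the device blocked. Suggest adding a sentence along the lines of "repeat the -D command until iptables reports no matching rule, and confirm with iptables -L FORWARD -n". The new text also appears here as "-Iwith "-D" :, so confirm that the closing quote and the space after "-I" are present in the saved page.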
Line 60: Line 60:
  \\  \\
  
-Still, the hostname is resolved into an IP address by the kernel. A device with randomized MAC address will obtain a new IP when reconnecting. This will probably function well until the user decides to restart the device or even disconnect/reconnect WiFi manually.+Still, the hostname is resolved into an IP address by the kernel. A device with randomized MAC address will obtain a new IP address when reconnecting. This might function well, but only until the user restarts the device or just manually disconnects/reconnects WiFi.
  
-You could as a paranoia approach trigger a service wireless restart for each new client connecting but that is to cause disruption. For wireless devices possibly the best way to limit access is to make them connect to a dedicated SSID and enable/disable the SSID as needed as described in [[toggle_radio|this article]].+If you were very security conscious, you could trigger a "service wireless restartfor each new client connectingbut that would be disruptive to the network in general. 
 + 
 +For WiFi devices, perhaps the best way to limit access is to make them connect to a dedicated SSIDand enable/disable that SSID as needed. For more details about this approach, see this HOWTO: [[toggle_radio|Turning on/off radio elements from script]].
  
  
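Review bot: In the first sentence of the reworded paragraph, "the hostname is resolved into an IP address by the kernel" does not say when the lookup happens, and that timing is the reason the block fails after a reconnect. The iptables command resolves the name once, when the rule is added, and hands the kernel a fixed address, so the rule keeps matching the old address after the device obtains a new one. Suggest wording such as "the hostname is resolved into an IP address once, when the rule is added", and dropping "by the kernel".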
device_filtering.txt · Last modified: by hogwild