device_filtering

Differences

This shows you the differences between two versions of the page.

device_filtering [2024/10/10 16:37] – [iptables] -Add "Notes" Head2 hogwild
device_filtering [2025/03/03 18:09] (current) – [Notes] -condense hogwild
Line 1: Line 1:
 ====== Block devices via script/Scheduler ====== ====== Block devices via script/Scheduler ======
  
-The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. This is particularly true when you need to manage device blocking for a lot of devices. Scripting also allows you to schedule blocking/filtering on or off, as needed.+The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times you want to block specific devices via a script. This is especially true when you need to manage device blocking for many devices. Scripting also lets you schedule blocking/filtering on or off, as needed.
  
  \\  \\
  
-  * For a bridged environment (Media bridge/Ethernet-bridge/Ethernet to Ethernet) you'll need //ebtables.// +  * For a bridged environment (Media Bridge mode, \\ Ethernet Bridge mode or switched LAN) you use //ebtables.//
-  * For a routed environment (single router), you'll use //iptables//.+
  
  \\  \\
  
-Given a MAC address you want to control, like''AA:BB:CC:DD:EE:FF'' you can filter in two ways:+  * For a routed environment (single router), you must use //iptables//
 + 
 + \\ 
 + 
 +Given a MAC address you wish to control, such as"AA:BB:CC:DD:EE:FFyou can filter in two ways:
  
  
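Review bot: In the bridged-environment bullet on the new side, the forced line break sits inside the parenthesis ("Media Bridge mode, \\ Ethernet Bridge mode or switched LAN"), so the list item breaks mid-phrase when rendered; move it outside the parenthesis or drop it. The two bullets now differ in wording for no stated reason ("you use ebtables" against "you must use iptables"), the iptables bullet has lost its closing period, and the \\ lines between them split one list into two. In the MAC example the new text, as shown here, reads such as"AA:BB:CC:DD:EE:FFyou, with no spaces and no closing quote, where the old line wrapped the address in '' monospace markup. Restoring ''AA:BB:CC:DD:EE:FF'' with a space on each side keeps the address readable and easy to copy.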
Line 42: Line 45:
  \\  \\
  
-# Flush\\  ''You don't do that for iptables '':-)'' instead, reboot the device''+# Flush\\  You don't do that for iptables. Reboot the device instead.
  
  \\  \\
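Review bot: The rewritten "# Flush" line still tells the reader not to flush and to reboot instead, but gives no reason. Flushing the iptables chains would also remove the rules the firmware itself installed, and that is worth stating in one sentence so the advice does not look arbitrary. A reboot drops every connection on the router, so consider also mentioning the lighter option of deleting only the rule that was added (iptables -D with the same match used to insert it).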
Line 48: Line 51:
  \\  \\
  
-Nowadays, blocking MAC addresses can be tedious. Many devices use MAC randomization. MAC addresses can "change" freqeently.+These daysmany devices use MAC randomization which can make blocking MAC addresses tedious. MAC addresses can "change" frequently.
  
-For managing this, one alternative is to filter using hostnames.+To help manage this, one option is to filter using hostnames.
  
  \\  \\
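Review bot: The new first sentence, as shown here, reads "These daysmany devices", which needs a comma and a space after "These days", and a comma before "which" would also help. The next line presents hostname filtering as the way to manage randomized MACs without qualification, while the Notes section later on the page explains that this only holds until the device reconnects. A short pointer to Notes in "To help manage this, one option is to filter using hostnames." would stop readers from relying on hostname rules as a durable block.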
Line 63: Line 66:
  
  \\  \\
 +
  
 ===== Notes ===== ===== Notes =====
  
-Still, the kernel resolves the hostname to an IP address. A device with randomized MAC address will obtain a new IP address when reconnecting. This might function well, but only until the user restarts the device or just manually disconnects WiFi.+The kernel still resolves the hostname to an IP address. A device with randomized MAC address will obtain a new IP address when reconnecting. This may function well, but only until the user restarts the device or manually disconnects WiFi.
  
-If you're very security conscious, you could trigger a "service wireless restart" for each new client connecting, but that would be disruptive to the general network.+If you're security conscious, you could trigger a "service wireless restart" for each new client connecting, but that would be disruptive to the general network.
  
 For WiFi devices, perhaps the best way to limit access is to make them connect to a dedicated SSID, and enable/disable that SSID as needed. For details about this approach, see the HOWTO: [[toggle_radio|Turning on/off radio elements from script]]. For WiFi devices, perhaps the best way to limit access is to make them connect to a dedicated SSID, and enable/disable that SSID as needed. For details about this approach, see the HOWTO: [[toggle_radio|Turning on/off radio elements from script]].
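Review bot: In the first changed line of Notes, "The kernel still resolves the hostname to an IP address" puts the resolution in the wrong place. The iptables command looks the name up once, when the rule is inserted, and the rule then stores only the resulting IP address. Saying so would give "This may function well" a clear subject: the rule keeps matching the old address, so the block silently stops applying once the device reconnects with a new one. The edit summary says "condense", but the hunk also adds a blank line before the Notes heading, which looks unintentional. "security conscious" would read better hyphenated.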
device_filtering.1728574656.txt.gz · Last modified: 2024/10/10 16:37 by hogwild