FreshTomato Wiki

User Tools

Site Tools

Trace:
device_filtering

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
device_filtering [2024/10/31 20:40] – [Block devices via script/Scheduler] -Condense hogwilddevice_filtering [2025/03/03 18:09] (current) – [Notes] -condense hogwild
Line 5: Line 5:
  \\  \\
  
-  * For a bridged environment (Media bridge/Ethernet-bridge/Ethernet to Ethernet) you'll need //ebtables.// +  * For a bridged environment (Media Bridge mode, \\ Ethernet Bridge mode or switched LAN) you use //ebtables.//
-  * For a routed environment (single router), you'll use //iptables//.+
  
  \\  \\
  
-Given a MAC address you wish to control, like''AA:BB:CC:DD:EE:FF'' you can filter in two ways:+  * For a routed environment (single router), you must use //iptables//
 + 
 + \\ 
 + 
 +Given a MAC address you wish to control, such as"AA:BB:CC:DD:EE:FFyou can filter in two ways:
  
  
Line 42: Line 45:
  \\  \\
  
-# Flush\\  ''You don't do that for iptables '':-)'' instead, reboot the device''+# Flush\\  You don't do that for iptables. Reboot the device instead.
  
  \\  \\
Line 48: Line 51:
  \\  \\
  
-Nowadays, blocking MAC addresses can be tedious. Many devices use MAC randomization. MAC addresses can "change" freqeently.+These daysmany devices use MAC randomization which can make blocking MAC addresses tedious. MAC addresses can "change" frequently.
  
-For managing this, one alternative is to filter using hostnames.+To help manage this, one option is to filter using hostnames.
  
  \\  \\
Line 63: Line 66:
  
  \\  \\
 +
  
 ===== Notes ===== ===== Notes =====
  
-Still, the kernel resolves the hostname to an IP address. A device with randomized MAC address will obtain a new IP address when reconnecting. This might function well, but only until the user restarts the device or just manually disconnects WiFi.+The kernel still resolves the hostname to an IP address. A device with randomized MAC address will obtain a new IP address when reconnecting. This may function well, but only until the user restarts the device or manually disconnects WiFi.
  
-If you're very security conscious, you could trigger a "service wireless restart" for each new client connecting, but that would be disruptive to the general network.+If you're security conscious, you could trigger a "service wireless restart" for each new client connecting, but that would be disruptive to the general network.
  
 For WiFi devices, perhaps the best way to limit access is to make them connect to a dedicated SSID, and enable/disable that SSID as needed. For details about this approach, see the HOWTO: [[toggle_radio|Turning on/off radio elements from script]]. For WiFi devices, perhaps the best way to limit access is to make them connect to a dedicated SSID, and enable/disable that SSID as needed. For details about this approach, see the HOWTO: [[toggle_radio|Turning on/off radio elements from script]].
device_filtering.1730407255.txt.gz · Last modified: 2024/10/31 20:40 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki