FreshTomato Wiki

User Tools

Site Tools

Trace:
device_filtering

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
device_filtering [2024/10/31 20:43] – [Block devices via script/Scheduler] add full bridged mode names hogwilddevice_filtering [2025/03/03 18:09] (current) – [Notes] -condense hogwild
Line 5: Line 5:
  \\  \\
  
-  * For a bridged environment (when using Media bridge mode, \\ Ethernet bridge mode or Ethernet-to-Ethernet) you'll need //ebtables.// +  * For a bridged environment (Media Bridge mode, \\ Ethernet Bridge mode or switched LAN) you use //ebtables.//
-  * For a routed environment (single router), you'll use //iptables//.+
  
  \\  \\
  
-Given a MAC address you wish to control, like''AA:BB:CC:DD:EE:FF'' you can filter in two ways:+  * For a routed environment (single router), you must use //iptables//
 + 
 + \\ 
 + 
 +Given a MAC address you wish to control, such as"AA:BB:CC:DD:EE:FFyou can filter in two ways:
  
  
Line 42: Line 45:
  \\  \\
  
-# Flush\\  ''You don't do that for iptables '':-)'' instead, reboot the device''+# Flush\\  You don't do that for iptables. Reboot the device instead.
  
  \\  \\
Line 48: Line 51:
  \\  \\
  
-Nowadays, blocking MAC addresses can be tedious. Many devices use MAC randomization. MAC addresses can "change" freqeently.+These daysmany devices use MAC randomization which can make blocking MAC addresses tedious. MAC addresses can "change" frequently.
  
-For managing this, one alternative is to filter using hostnames.+To help manage this, one option is to filter using hostnames.
  
  \\  \\
Line 63: Line 66:
  
  \\  \\
 +
  
 ===== Notes ===== ===== Notes =====
  
-The kernel still resolves the hostname to an IP address. A device with randomized MAC address will obtain a new IP address when reconnecting. This might function well, but only until the user restarts the device or just manually disconnects WiFi.+The kernel still resolves the hostname to an IP address. A device with randomized MAC address will obtain a new IP address when reconnecting. This may function well, but only until the user restarts the device or manually disconnects WiFi.
  
 If you're security conscious, you could trigger a "service wireless restart" for each new client connecting, but that would be disruptive to the general network. If you're security conscious, you could trigger a "service wireless restart" for each new client connecting, but that would be disruptive to the general network.
device_filtering.1730407415.txt.gz · Last modified: by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki