This shows you the differences between two versions of the page.
device_filtering [2023/05/24 21:14] – [Block devices via script/scheduler]-spelling hogwild | device_filtering [2023/05/24 21:38] (current) – [Block devices via script/scheduler] - Capitalize Scheduler hogwild | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Block devices via script/scheduler | + | ====== Block devices via script/Scheduler |
- | The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. | + | The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. |
* For a bridged environment (Media-bridge/ | * For a bridged environment (Media-bridge/ | ||
Line 11: | Line 11: | ||
- | ===== ebtables ===== | + | ===== ebtables |
- | # Block\\ | + | # Block\\ |
\\ | \\ | ||
- | # Unblock\\ | + | # Unblock\\ |
\\ | \\ | ||
Line 23: | Line 23: | ||
# Flush (unblock all the defined references at once)\\ | # Flush (unblock all the defined references at once)\\ | ||
- | NOTE: you might have additional ebtables in your system so be very careful about flushing the full ebtable. | + | NOTE: you might have additional ebtables in your system so **be very careful** about flushing the full ebtable. |
===== iptables ===== | ===== iptables ===== | ||
- | # Block Internet access (or any intra-vlan)\\ | + | # Block Internet access (or any intra-vlan)\\ |
\\ | \\ | ||
- | # Block any network | + | # Block any network |
\\ | \\ | ||
- | # Unblock | + | # Unblock |
\\ | \\ | ||
- | # Flush\\ | + | # Flush\\ |
- | These days, blocking MAC addresses can be tedious task. Many client devices use a MAC randomization function. MAC addresses can " | + | \\ |
+ | |||
+ | These days, blocking MAC addresses can be tedious task. Many client devices use a MAC randomization function. MAC addresses can " | ||
For dealing with this, one alternative is to filter using hostnames. | For dealing with this, one alternative is to filter using hostnames. | ||
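Review bot: The NOTE just above the iptables heading now bolds "be very careful" but still does not tell the reader what to do instead of flushing. Suggest pointing to the per-device Unblock commands as the way to remove only the rules added from this page, so any other ebtables rules on the system are left untouched. In the same hunk, the added MAC randomization paragraph still reads "can be tedious task"; it should be "can be a tedious task".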
Line 58: | Line 60: | ||
\\ | \\ | ||
- | Still, the hostname is resolved into an IP address by the kernel. A device with randomized MAC address will obtain a new IP when reconnecting. This will probably | + | Still, the hostname is resolved into an IP address by the kernel. A device with a randomized MAC address will obtain a new IP address |
+ | |||
+ | If you were very security conscious, you could trigger a " | ||
- | You could as a paranoia approach trigger a service wireless restart for each new client connecting but that is to cause disruption. | + | For WiFi devices, perhaps |
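Review bot: On the line beginning "Still, the hostname is resolved", the phrase "by the kernel" is imprecise. If the rule above passes the hostname to iptables, the name is looked up once by the iptables command when the rule is added, and only the resulting IP address is stored in the rule. Suggest saying that, because it makes clear that the rule keeps the old address after the device obtains a new one and has to be added again to keep blocking it.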