
device_filtering

Differences

This shows you the differences between two versions of the page.

device_filtering [2023/05/24 21:20] – [iptables] -formatting, syntax corrections hogwilddevice_filtering [2023/05/24 21:38] (current) – [Block devices via script/scheduler] - Capitalize Scheduler hogwild
Line 1: Line 1:
-====== Block devices via script/scheduler ======+====== Block devices via script/Scheduler ======
  
 The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. This is particularly true when you need to manage device blocking for a lot of devices. Scripting also allows you to schedule blocking/filtering on or off, as needed. The easiest way to filter WiFi devices is to use the [[basic-wfilter|Wireless Filter]] menu. However, there are times when you want to block specific devices via a script. This is particularly true when you need to manage device blocking for a lot of devices. Scripting also allows you to schedule blocking/filtering on or off, as needed.
Line 11: Line 11:
  
  
-===== ebtables =====+===== ebtables (routed environment) =====
  
 # Block\\  ''/usr/sbin/ebtables -A FORWARD -d AA:BB:CC:DD:EE:FF -j DROP'' # Block\\  ''/usr/sbin/ebtables -A FORWARD -d AA:BB:CC:DD:EE:FF -j DROP''
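Review bot: The new heading "ebtables (routed environment)" is not explained anywhere in the visible section, and the example under it sits on the ebtables FORWARD chain, which filters frames crossing the bridge rather than routed packets. Add one sentence under the heading saying which setups the rules apply to, or rename the heading if the bridged case is what is meant.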
Line 23: Line 23:
 # Flush (unblock all the defined references at once)\\  ''/usr/sbin/ebtables -F''\\  \\ # Flush (unblock all the defined references at once)\\  ''/usr/sbin/ebtables -F''\\  \\
  
- NOTE: you might have additional ebtables in your system so be very careful about flushing the full ebtable.+ NOTE: you might have additional ebtables in your system so **be very careful** about flushing the full ebtable.
  
  
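Review bot: In the NOTE line, bolding "be very careful" flags the risk, but the sentence still offers no alternative to "ebtables -F", and "additional ebtables" / "the full ebtable" should read "additional ebtables rules" / "the whole table". Suggest pointing the reader to deleting the single rule with -D instead of flushing, so unrelated rules are left in place.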
Line 36: Line 36:
  \\  \\
  
-# Unblock just rever whatever command replacing -I with -D e.g.\\  ''/sbin/iptables -D FORWARD -m mac --mac-source AA:BB:CC:DD:EE:FF -j DROP''+# Unblock (reverse) whatever command was issued by replacing "-Iwith "-D" :\\  ''/sbin/iptables -D FORWARD -m mac --mac-source AA:BB:CC:DD:EE:FF -j DROP''
  
  \\  \\
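Review bot: The rewritten unblock sentence has broken quoting ("-Iwith "-D" :), with the closing quote and space after -I missing and a stray space before the colon. It should also state that -D removes a rule only when the chain, match options and target are identical to the ones used when the rule was inserted, as the example that follows it does.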
Line 60: Line 60:
  \\  \\
  
-Still, the hostname is resolved into an IP address by the kernel. A device with randomized MAC address will obtain a new IP when reconnecting. This will probably function well until the user decides to restart the device or even disconnect/reconnect WiFi manually.+Still, the hostname is resolved into an IP address by the kernel. A device with randomized MAC address will obtain a new IP address when reconnecting. This might function well, but only until the user restarts the device or just manually disconnects/reconnects WiFi.
  
-You could as a paranoia approach trigger a service wireless restart for each new client connecting but that is to cause disruption. For wireless devices possibly the best way to limit access is to make them connect to a dedicated SSID and enable/disable the SSID as needed as described in [[toggle_radio|this article]].+If you were very security conscious, you could trigger a "service wireless restartfor each new client connectingbut that would be disruptive to the network in general. 
 + 
 +For WiFi devices, perhaps the best way to limit access is to make them connect to a dedicated SSIDand enable/disable that SSID as needed. For more details about this approach, see this HOWTO: [[toggle_radio|Turning on/off radio elements from script]].
  
  
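Review bot: The sentence kept at the top of this hunk still says the hostname is resolved "by the kernel"; the iptables command resolves the name once, when the rule is added, and the kernel stores only the resulting address, which is why the rule does not follow a device to a new IP address. Reword that sentence, and fix the run-together text in the added lines ("service wireless restartfor", "connectingbut", "SSIDand").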
device_filtering.1684959633.txt.gz · Last modified: 2023/05/24 21:20 by hogwild