4

I've recently set up a raspberry pi 3 as a simple wifi router, using:

  • Ubuntu 16.04
  • hostapd
  • dnsmasq

I've followed the following tutorial and all went pretty smooth: https://frillip.com/using-your-raspberry-pi-3-as-a-wifi-access-point-with-hostapd/

But now i wanted to take a next step and start white- or blacklisting specific MAC addresses. The way to do this seemed to be to configure hostapd for it:

macaddr_acl=0
accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny

And then add the MAC address to the referenced file. However this seems to be completely ignored, no matter wheter i restart, reload, try whitelisting (macaddr_acl=1) instead of blacklisting...

I did find people with similar issues on different hardware, because of madwifi. But the setup on raspberry pi does use the nl80211 driver instead of madwifi.

So right now, i assume it might be something specific to the wifi chip used in raspberry pi 3. Therefore posting it here, hoping that someone else faced the same challenge and found a way around it. :)

Finally: i'm aware that this is not a good way to do wifi security, but i'm not trying to do this to prevent malicious connections. I want to use it to prevent a device that i've forcefully disconnected (hostapd_cli deauthenticate) from immediately reconnecting.

mvherweg
  • 149
  • 1
  • 2

1 Answers1

0
ipset create okmac hash:mac
IPTABLES -t filter -A INPUT -i ${WIFI_IFACE} -m set ! --match-set ok src -j LOG --log-prefix "FORBIDDEN MAC "
IPTABLES -t filter -A INPUT -i ${WIFI_IFACE} -m set ! --match-set ok src -j DROP

populate the list

ipset add okmac 00:01:02:03:04:05

iptables-save /iptables.save
ipset save -f /ipset.save

iptable-restore </iptables.save
ipset restore -f /ipset.save
cybernard
  • 196
  • 2
  • 11