denying local traffic

Jouni Malinen jkmaline at cc.hut.fi
Tue Feb 11 23:07:10 EST 2003


On Tue, Feb 11, 2003 at 08:39:57PM -0500, Doug Yeager wrote:

> Basically I want to deny any local traffic amongst clients.
> 
> The netfilter list informed me that hostap was like a "hub" and the firewall 
> cannot prevent this activity.  Not positive on that, but I thought I would 
> try here to ask.

Yes, that is correct. With the default configuration, the Host AP driver
will bridge frames between associated stations below layer 3, and netfilter
code cannot filter those frames.

> Is there a way to not allow this using hostap?  Any settings at compile 
> time to only allow traffic from client to AP?  But not client to client 
> through AP?

Yes, you can disable this internal driver bridge code by setting
ap_bridge_packets to 0: 'prism2_param wlan0 ap_bridge_packets 0'.
This does not require any compile-time configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA


