ap_bridge_packets

Jouni Malinen jkmaline at cc.hut.fi
Mon Aug 9 05:38:17 EDT 2004


On Sun, Aug 08, 2004 at 02:15:16PM -0700, nondito wrote:

> Is there any way I can let the clients communicate
> with each other but block some ports using iptables?
> This ap_bridge_packets is imposing two different
> situations on two extremes. If set to 1, they can
> communicate unconditionally and no restriction can be
> imposed. If set to 0, they can't communicate at all.

This would require that ap_bridge_packets=0 and Linux bridge code would
be used to bridge packets back to the same interface. The default kernel
does not support this, but I have seen a couple of patch files that claim
to enable this kind of mode. After this, ebtables could be used to
filter packets between the associated stations.

In other words, this is likely to require some work and kernel changes.
I have not tested this myself and I don't know whether there are any
good step-by-step instructions on this kind of change.

-- 
Jouni Malinen                                            PGP id EFC895FA


