how do I kick a MAC address off my hostapd WiFi network?
daevid at daevid.com
Wed Oct 10 02:36:30 EDT 2007
I have my WiFi network on a hostapd controlled 10.10.10.* range and my
wired LAN on a 192.168.1.* range.
I try to be a "nice guy" and leave the WiFi 'open' (no WEP) as it's
segregated and I use some proper shorewall rules to route things nicely
for my various privileged devices. Also, some WiFi devices I have just
don't support WEP, and it's a real hassle to get others working with
I don't mind the occasional person jumping on to check movie times or
traffic or get email or whatever. I think bandwidth should be free for
everyone and it is sure a life saver when you need to quickly get online
Anyways, sometimes I have stupid neighbors who don't quite "get it" and
will just blindly let their computers connect to my WAP. UGH! They sit
on it for hours and days and generally piss me off.
How can I boot someone off my network? I usually add them to my
shorewall blacklist file, and then:
But I still see them on there it seems.
(essentially it's doing an 'arp -n' and then I parse that info and make
daevid dhcp # arp -n
Address HWtype HWaddress Flags Mask
10.10.10.7 ether 00:06:25:12:4A:D8 C
10.10.10.27 ether 00:19:7E:C5:02:AB C
188.8.131.52 ether 00:01:5C:23:D7:02 C
10.10.10.69 ether 00:02:6F:21:DF:5C C
192.168.1.18 ether 00:0C:F1:A8:F7:F3 C
I googled and found this little nugget that I thought would work:
# iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP
But I still see this squatter. And I can feel my network being sluggish
as they're probably downloading a lot of stuff.
More information about the HostAP