Kernel filtering

Jouni Malinen j at w1.fi
Sun Apr 26 03:53:49 EDT 2009


On Tue, Apr 21, 2009 at 12:39:39PM +0200, darko wrote:

> maybe it is wrong list, but hostap is only place I know that mention it.
> I was wondering is there some convention or rule that forbid client to client
> packet pass through kernel filter (ebtables/iptables) or it is hard to manage.

If you are talking about wireless LAN APs, this functionality is usually
in the driver/802.11 network stack (e.g., mac80211) and may be
configurable there. If are using IP forwarding, iptables would be the
place to configure it. ebtables is not going to work (at least with
unmodified kernel) since bridging back to the same interface is not
supported in the kernel bridging code and as such, the 802.11 drivers
will need to implement this internally.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list