Skip to Main Content
Wireless Hacks
book

Wireless Hacks

by Rob Flickenger
September 2003
Intermediate to advanced content levelIntermediate to advanced
304 pages
8h 39m
English
O'Reilly Media, Inc.
Content preview from Wireless Hacks

MAC Filtering with Host AP

Filter MAC addresses before they associate with your Host AP.

While you can certainly perform MAC filtering at the link layer using iptables or ebtables [Hack #59], it is far safer to let Host AP do it for you. This not only blocks traffic that is destined for your network, but also prevents miscreants from even associating with your station. This helps to preclude the possibility that someone could still cause trouble for your other associated wireless clients, even if they don’t have further network access.

When using MAC filtering, most people make a list of wireless devices that they wish to allow, and then deny all others. This is done using the iwpriv command.

# iwpriv wlan0 addmac 00:30:65:23:17:05
# iwpriv wlan0 addmac 00:40:96:aa:99:fd
  ...
# iwpriv wlan0 maccmd 1
# iwpriv wlan0 maccmd 4

The addmac directive adds a MAC address to the internal table. You can add as many MAC addresses as you like to the table by issuing more addmac commands. You then need to tell Host AP what to do with the table you’ve built. The maccmd 1 command tells Host AP to use the table as an “allowed” list, and to deny all other MAC addresses from associating. Finally, the maccmd 4 command boots off all associated clients, forcing them to reassociate. This happens automatically for clients listed in the table, but everyone else attempting to associate will be denied.

Sometimes, you only need to ban a troublemaker or two, rather than set an explicit policy of permitted devices. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Maximum Wireless Security

Maximum Wireless Security

Cyrus Peikari, Seth Fogie
Real Time Over Wireless

Real Time Over Wireless

Jerome Henry / Rob Barton
Troubleshooting Linux® Firewalls

Troubleshooting Linux® Firewalls

Michael Shinn, Scott Shinn

Publisher Resources

ISBN: 0596005598Catalog PageErrata