[ previous ] [ next ] [ threads ]
 
 From:  "Kamil Wencel" <wencel at radion dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FW: MAC filtering on wireless interfaces
 Date:  Sat, 6 Dec 2003 10:53:33 +0100 (CET)
Since MAC address spoofing is a rather common technique
to pass by WLAN "Security" I would not recommend using it.

Use an IPSEC over WLAN tunnel instead. I myself allow traffic
shaped HTTP / HTTPS for geeks who still have fun standing in
front of my door and want to get online.

Apart from that, the whole internal infrastructure uses IPSEC
to reach the internal machines.

--k



Referring to Manuel Kasper :
> On 04.12.2003, at 19:17, Fred Weston wrote:
>
>> Anybody know?
>
> Your question has already been answered by Magne Andreassen:
>
> On 03.12.2003, at 10:48, Magne Andreassen wrote:
>
>> Fred Weston wrote:
>>>
>>> Does m0n0wall support client mac address filtering on
>>> wireless interfaces while in hostap mode?
>>>
>> nope...
>>
>>
>> Magne
>
> It's not supported (yet) due to the lack of layer 2 filtering in
> ipfilter. IPFW2 can do it, but we use ipfw for traffic shaping and
> don't really want to have it filter packets...
>
> - Manuel
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


RADION
Digital Research & Innovation

Kamil Wencel
Swakopmunder Str. 1


voice 3.1kHz : + 49 89 43746158
fax-machine  : + 49 89 43746159

email        : wencel at radion dot org
browser      : www.radion.org