denying local traffic

Doug Yeager doug
Tue Feb 11 17:39:57 PST 2003


i'm trying to lock down an access point (hostap) and give people only the 
ability to get through it to the web but not to each other.

this is a coffee shop type setup where users don't know each other and 
frequently leave open shares on their windows clients.  they don't know it, 
but it is very insecure.

basically i want to deny any local traffic amongst clients.

netfilter list informed me that hostap was like a "hub" and the firewall 
cannot prevent this activity.  not positive on that but i thought i would 
try here to ask.

is there a way to not allow this using hostap?  any settings at compile 
time to only allow traffic from client to AP?  but not client to client 
through ap?

if i can do this in iptables, i would rather do that, so let me know if 
anybody has done that.


