denying local traffic

Tue Feb 11 20:07:10 PST 2003

On Tue, Feb 11, 2003 at 08:39:57PM -0500, Doug Yeager wrote:

> basically i want to deny any local traffic amongst clients.
> 
> netfilter list informed me that hostap was like a "hub" and the firewall 
> cannot prevent this activity.  not positive on that but i thought i would 
> try here to ask.

Yes, that is correct. With default configuration, Host AP driver will
bridge frames between associated stations below layer 3 and netfilter
code cannot filter those frames.

> is there a way to not allow this using hostap?  any settings at compile 
> time to only allow traffic from client to AP?  but not client to client 
> through ap?

Yes, you can disable this internal driver bridge code by setting
ap_bridge_packets to 0: 'prism2_param wlan0 ap_bridge_packets 0'.
This does not require any compile time configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA