denying local traffic

Doug Yeager doug
Wed Feb 12 03:48:57 PST 2003


this is very valuable code.
i'll post to the netfilter list.  many wanted this capability!

sorry if this sounds personal....i'm just excited! :)))

At 08:07 PM 02/11/2003 -0800, you wrote:
>On Tue, Feb 11, 2003 at 08:39:57PM -0500, Doug Yeager wrote:
> > basically i want to deny any local traffic amongst clients.
> >
> > netfilter list informed me that hostap was like a "hub" and the firewall
> > cannot prevent this activity.  not positive on that but i thought i would
> > try here to ask.
>Yes, that is correct. With default configuration, Host AP driver will
>bridge frames between associated stations below layer 3 and netfilter
>code cannot filter those frames.
> > is there a way to not allow this using hostap?  any settings at compile
> > time to only allow traffic from client to AP?  but not client to client
> > through ap?
>Yes, you can disable this internal driver bridge code by setting
>ap_bridge_packets to 0: 'prism2_param wlan0 ap_bridge_packets 0'.
>This does not require any compile time configuration.
>Jouni Malinen                                            PGP id EFC895FA
>HostAP mailing list
>HostAP at

More information about the Hostap mailing list