wired authentication (kernel module)

Arnaud Kleinveld kleinveld
Wed Sep 22 22:33:10 PDT 2004

I don't understand where you need to match output.

Now I understand that you also need to implement the counting part beside the 
authentication. It is possible to count mac sources with iptables. You don't 
need the ip address. Something like this works:
iptables -A APINET -m mac --mac-source aa:bb:cc:dd:ee:ff -j ACCEPT
There is only now difference between sent and reveived packets, if that's what 
you meen with output.


Gunter Burchardt wrote:
>>I have tested that in combination with Hostap and it works. I don't think 
>>my solution is exectly the one Gunter is searching for but I got iptables 
>>routing unauthenticated clients to a login page. So iptables can do the 
>>trick as you describe. With wired or wireless client, that doesn't matter.
> And what about output? Iptables cant match output mac! Also its
> impossible to accout (count bytes and packets) output without knowing
> ip address. A port in PAE is normaly assigned to a mac and not to a ip.
> hostapd dont care about ip addresses!
> regards
> gunter 

More information about the Hostap mailing list