Updating deny acl mac list during runtime

Jouni Malinen j at w1.fi
Sun Nov 29 01:20:14 PST 2015

On Sun, Nov 22, 2015 at 09:50:15PM +0200, Eli Balta wrote:
> I need to be able to dynamically add and remove hosts from the mac
> filter list depending on various events.
> What I'm doing right now is:
> 1) add/remove mac entry in /etc/hostapd.deny
> 2) send "SET deny_mac_file /etc/hostapd.deny" to the ctrl iface at
> /var/run/hostapd/...
> The problem:
> This works only for adding entries to the list, if I remove an entry
> and send the "SET deny_mac_file /etc/hostapd.deny" command, it
> succeeds, but the STA is still denied authentication whenever it tries
> to connect.
> Is there any way to solve this problem without having to make
> modifications to the code?

If you do not want to stop and restart the BSS to do this, then probably
not. There was a recent patch to add a new control interface command for
adding MAC ACL entries and something similar would likely need to be
added to remove MAC ACL entries to cover the case you describe here.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list