From: David (prism2_at_djl.org.uk)
Date: 2002-03-10 15:33:10 UTC
On Wed, 06 Mar 2002 17:03:10 +0000, David <prism2_at_djl.org.uk> wrote:
Thanks to all who replied to my original post. Various useful suggestions which I have noted in case I need to further improve the security later - especially the idea of setting up a VPN, which might be worth looking into.
>3) MAC restriction using iptables. I've rebuilt the kernel with the
>iptables patch from bridge.sourceforge.net, but although I can get
>iptables to log packets passing through the bridge I can't make it
>drop them. Does anyone know whether iptables can be made to work with
>bridging and the Prism2 driver?
Answering my own question here, it turned out that I hadn't enabled the iptables-nf code when I rebuilt the kernel. Foolishly assuming that I just needed to apply the patch and rebuild, I hadn't noticed that it adds a new experimental option to the kernel configuration. It was especially confusing that the LOG target worked - I could see the network traffic, I just couldn't block any of it :-)
Turn that option on, rebuild the kernel, and Bob's your uncle. I now have a nice simple firewall script that limits wireless access to people whose MAC addresses I know. It would still be nice to stop intruders even being able to associate with the access point, but for the moment I'm happy that casual hackers are blocked.
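
The kind of MAC allowlist described in this post, as an added example that is not the poster's script or part of the original message: it prints the iptables commands rather than applying them. It is written for current iptables on a bridge with bridge netfilter enabled (the `physdev` match); the interface name `wlan0`, the chain name `WLAN_MAC` and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): print iptables commands that let only
# known MAC addresses through a bridge's wireless port. Nothing is applied;
# review the output, then pipe it to sh as root.
WLAN_IF="wlan0"     # assumption: name of the wireless bridge port
CHAIN="WLAN_MAC"    # hypothetical chain name

# Succeed only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read an allowlist on stdin (one MAC per line; blank lines and # comments
# ignored) and print the rules. Any malformed entry aborts with status 1 and
# no output, so a typo cannot yield a half-built rule set.
build_rules() {
    rules="iptables -N $CHAIN
iptables -A FORWARD -m physdev --physdev-in $WLAN_IF -j $CHAIN"
    while IFS= read -r line; do
        mac=$(printf '%s\n' "$line" | sed 's/#.*//' | tr -d ' \t' | tr 'a-f' 'A-F')
        [ -z "$mac" ] && continue
        if ! valid_mac "$mac"; then
            echo "bad MAC address: $line" >&2
            return 1
        fi
        rules="$rules
iptables -A $CHAIN -m mac --mac-source $mac -j RETURN"
    done
    # Unknown senders: log first, then drop (LOG alone never blocks anything).
    printf '%s\n' "$rules" \
        "iptables -A $CHAIN -j LOG --log-prefix \"wlan-unknown-mac: \"" \
        "iptables -A $CHAIN -j DROP"
}

# Constructed sample allowlist (locally administered addresses, not real devices).
sample_allowlist() {
    cat <<'EOF'
# laptops
02:00:00:aa:bb:01
02:00:00:AA:BB:02   # second entry with trailing comment
EOF
}

sample_allowlist | build_rules
```

Frames from allowed senders return to the FORWARD chain, so its remaining rules and policy still decide whether they pass.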