Re: Current state of security features

From: David (
Date: 2002-03-10 15:33:10 UTC

On Wed, 06 Mar 2002 17:03:10 +0000, David <> wrote:

Thanks to all who replied to my original post. Various useful suggestions which I have noted in case I need to further improve the security later - especially the idea of setting up a VPN, which might be worth looking into.

>3) MAC restriction using iptables. I've rebuilt the kernel with the
>iptables patch from, but although I can get
>iptables to log packets passing through the bridge I can't make it
>drop them. Does anyone know whether iptables can be made to work with
>bridging and the Prism2 driver?

Answering my own question here, it turned out that I hadn't enabled the iptables-nf code when I rebuilt the kernel. Foolishly assuming that I just needed to apply the patch and rebuild, I hadn't noticed that it adds a new experimental option to the kernel configuration. It was especially confusing that the LOG target worked - I could see the network traffic, I just couldn't block any of it :-)

Turn that option on, rebuild the kernel, and Bob's your uncle. I now have a nice simple firewall script that limits wireless access to people whose MAC addresses I know. It would still be nice to stop intruders even being able to associate with the access point, but for the moment I'm happy that casual hackers are blocked.
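A MAC allowlist firewall of the kind the message above describes, as an added example (not the poster's own script). It only prints the iptables commands for review, and it refuses to emit any rules if an allowlist entry is malformed. The interface name `wlan0`, the chain name `WLAN_MAC`, hooking the FORWARD chain, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: generate iptables rules that allow bridged wireless traffic
# only from known MAC addresses. Assumptions (not from the post): interface
# wlan0, chain name WLAN_MAC, and that bridged frames traverse FORWARD.

WLAN_IF="${WLAN_IF:-wlan0}"   # assumed wireless side of the bridge
CHAIN="WLAN_MAC"              # hypothetical user-defined chain name

# Read an allowlist on stdin (one MAC per line, '#' comments allowed) and
# print the rule set. Returns 1 and prints no rules if any entry is malformed,
# so a typo never yields a half-built allowlist.
gen_rules() {
    rules=""
    bad=0
    while read -r mac rest; do
        case "$mac" in ''|'#'*) continue ;; esac
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        if printf '%s\n' "$mac" | grep -Eq '^([0-9A-F]{2}:){5}[0-9A-F]{2}$'; then
            rules="${rules}iptables -A $CHAIN -m mac --mac-source $mac -j RETURN
"
        else
            echo "rejecting malformed entry: $mac" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1

    printf 'iptables -N %s\n' "$CHAIN"
    printf '%s' "$rules"
    # Log before dropping: the post notes LOG can work while DROP does not
    # when the bridge netfilter option is off, so logged-but-forwarded
    # frames are a sign of that kernel configuration.
    printf 'iptables -A %s -j LOG --log-prefix "wlan-unknown-mac: "\n' "$CHAIN"
    printf 'iptables -A %s -j DROP\n' "$CHAIN"
    # Attach the chain last, once it is complete.
    printf 'iptables -A FORWARD -i %s -j %s\n' "$WLAN_IF" "$CHAIN"
}

# Constructed sample allowlist (addresses are made up).
SAMPLE='00:02:2d:aa:bb:01  # laptop
00:02:2D:AA:BB:02  # desktop'
printf '%s\n' "$SAMPLE" | gen_rules
```

To apply the rules, pipe the printed commands into `sh` as root after reviewing them.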


