Optional MAC address filtering.
Station MAC address -based authentication Please note that this kind of access control requires a driver that uses hostapd to take care of management frame processing and as such, this can be used with driver=hostap or driver=nl80211, but not with driver=atheros.
This commit is contained in:
noface
13
create_ap
13
create_ap
@ -42,6 +42,7 @@ usage() {
|
||||
echo " 'none' for no Internet sharing (equivalent to -n)"
|
||||
echo " --psk Use 64 hex digits pre-shared-key instead of passphrase"
|
||||
echo " --hidden Make the Access Point hidden (do not broadcast the SSID)"
|
||||
echo " --mac-filter Enable MAC address filtering (addresses can be added to /etc/hostapd/accept)"
|
||||
echo " --redirect-to-localhost If -n is set, redirect every web request to localhost (useful for public information networks)"
|
||||
echo " --hostapd-debug <level> With level between 1 and 2, passes arguments -d or -dd to hostapd for debugging."
|
||||
echo " --isolate-clients Disable communication between clients"
|
||||
@ -600,6 +601,7 @@ ETC_HOSTS=0
|
||||
DHCP_DNS=gateway
|
||||
NO_DNS=0
|
||||
HIDDEN=0
|
||||
MAC_FILTER=0
|
||||
ISOLATE_CLIENTS=0
|
||||
SHARE_METHOD=nat
|
||||
IEEE80211N=0
|
||||
@ -618,7 +620,7 @@ USE_PSK=0
|
||||
HOSTAPD_DEBUG_ARGS=
|
||||
REDIRECT_TO_LOCALHOST=0
|
||||
|
||||
CONFIG_OPTS=(CHANNEL GATEWAY WPA_VERSION ETC_HOSTS DHCP_DNS NO_DNS HIDDEN ISOLATE_CLIENTS SHARE_METHOD
|
||||
CONFIG_OPTS=(CHANNEL GATEWAY WPA_VERSION ETC_HOSTS DHCP_DNS NO_DNS HIDDEN MAC_FILER ISOLATE_CLIENTS SHARE_METHOD
|
||||
IEEE80211N IEEE80211AC HT_CAPAB VHT_CAPAB DRIVER NO_VIRT COUNTRY FREQ_BAND
|
||||
NEW_MACADDR DAEMONIZE NO_HAVEGED WIFI_IFACE INTERNET_IFACE
|
||||
SSID PASSPHRASE USE_PSK)
|
||||
@ -1012,7 +1014,7 @@ for ((i=0; i<$#; i++)); do
|
||||
fi
|
||||
done
|
||||
|
||||
GETOPT_ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden","hostapd-debug:","redirect-to-localhost","isolate-clients","ieee80211n","ieee80211ac","ht_capab:","vht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","dhcp-dns:","daemon","stop:","list","list-running","list-clients:","version","psk","no-haveged","no-dns","mkconfig:","config:" -n "$PROGNAME" -- "$@")
|
||||
GETOPT_ARGS=$(getopt -o hc:w:g:dnm: -l "help","hidden","hostapd-debug:","redirect-to-localhost","mac-filter","isolate-clients","ieee80211n","ieee80211ac","ht_capab:","vht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","dhcp-dns:","daemon","stop:","list","list-running","list-clients:","version","psk","no-haveged","no-dns","mkconfig:","config:" -n "$PROGNAME" -- "$@")
|
||||
[[ $? -ne 0 ]] && exit 1
|
||||
eval set -- "$GETOPT_ARGS"
|
||||
|
||||
@ -1030,6 +1032,10 @@ while :; do
|
||||
shift
|
||||
HIDDEN=1
|
||||
;;
|
||||
--mac-filter)
|
||||
shift
|
||||
MAC_FILTER=1
|
||||
;;
|
||||
--isolate-clients)
|
||||
shift
|
||||
ISOLATE_CLIENTS=1
|
||||
@ -1551,6 +1557,8 @@ fi
|
||||
|
||||
[[ $HIDDEN -eq 1 ]] && echo "Access Point's SSID is hidden!"
|
||||
|
||||
[[ $MAC_FILTER -eq 1 ]] && echo "MAC address filtering is enabled!"
|
||||
|
||||
[[ $ISOLATE_CLIENTS -eq 1 ]] && echo "Access Point's clients will be isolated!"
|
||||
|
||||
# hostapd config
|
||||
@ -1563,6 +1571,7 @@ channel=${CHANNEL}
|
||||
ctrl_interface=$CONFDIR/hostapd_ctrl
|
||||
ctrl_interface_group=0
|
||||
ignore_broadcast_ssid=$HIDDEN
|
||||
macaddr_acl=${MAC_FILTER}
|
||||
ap_isolate=$ISOLATE_CLIENTS
|
||||
EOF
|
||||
|
||||
|
||||
Reference in New Issue
Block a user