On Fri, Dec 11, 2015 at 02:47:56PM +0100, Nemo Never wrote: > I'd like to enable MAC address filtering in my WPA-protected hostapd > and I have a few questions: What are you trying to achieve with MAC address filtering? It does not really add any security and the real use cases for it are very limited.. > 1) Is the MAC address checked only once upon authentication, or for > every frame received by hostapd? I really hope it's the former. Filtering is done only during the authentication/association attempt. If the station is not allowed to connect, there won't be an association, so there is no need to check any other frames. > 2) What is the max number of MAC addresses that can be included in the > whitelist (accept_mac_file=...) ? As far as hostapd is concerned, there is no limit on that apart from available memory and the time it takes to check the list. That said, if there driver you are using depends on offloading MAC ACL check into the driver/firmware implementation, there may be constraints on how many entries it support. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap