Re: MAC filtering

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 11, 2015 at 02:47:56PM +0100, Nemo Never wrote:
> I'd like to enable MAC address filtering in my WPA-protected hostapd
> and I have a few questions:

What are you trying to achieve with MAC address filtering? It does not
really add any security and the real use cases for it are very limited..

> 1) Is the MAC address checked only once upon authentication, or for
> every frame received by hostapd? I really hope it's the former.

Filtering is done only during the authentication/association attempt. If
the station is not allowed to connect, there won't be an association, so
there is no need to check any other frames.

> 2) What is the max number of MAC addresses that can be included in the
> whitelist (accept_mac_file=...) ?

As far as hostapd is concerned, there is no limit on that apart from
available memory and the time it takes to check the list. That said, if
there driver you are using depends on offloading MAC ACL check into the
driver/firmware implementation, there may be constraints on how many
entries it support.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux