On Mon, May 06, 2013 at 06:36:52PM +0000, jack seth wrote:
> Does anyone know how to totally isolate wireless clients from
> each other that are on a hotspot/guest WLAN? I thought ebtables
> might be the way but I can't figure it out. Thanks!

If CONFIG_BRIDGE_NETFILTER=y you should be able to filter this in
your FORWARD chain, e.g., for an unbridged wlan0:

    -A FORWARD -i wlan0 -o wlan0 -j DROP

(You might want to use a user chain with appropriate REJECT rules
for the protocol in question.)

If CONFIG_BRIDGE_NETFILTER=y and wlan0 is part of a bridge, you
would need the physdev match:

    -A FORWARD -i br0 -o br0 -m physdev --physdev-in wlan0 --physdev-out wlan0 -j DROP

However, do note that 802.11, being radio traffic, can be sniffed
by any receiver. You cannot prevent that.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
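
Added example, not part of the original post: shell functions that choose between the two rules in the reply above by checking whether the interface is a bridge port. It assumes the Linux sysfs layout (`/sys/class/net/<iface>/brport/bridge`); `SYSFS_NET`, `bridge_of` and `isolation_rule` are names made up for this example.

```shell
#!/bin/sh
# Added example: pick the client-isolation rule for a wireless interface.
# SYSFS_NET is an assumption of this example so the logic can be pointed at
# a constructed directory tree; on a real host it is /sys/class/net.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the bridge that interface $1 is a port of, or nothing if unbridged.
# A bridge port has a brport/bridge symlink pointing at its bridge device.
bridge_of() {
    link="$SYSFS_NET/$1/brport/bridge"
    [ -L "$link" ] || return 0
    basename "$(readlink "$link")"
}

# Print the FORWARD rule (iptables-restore syntax, as in the reply) for $1.
isolation_rule() {
    iface="$1"
    # Refuse names that could smuggle extra tokens into a ruleset.
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name" >&2
            return 1 ;;
    esac
    if [ ! -d "$SYSFS_NET/$iface" ]; then
        echo "no such interface: $iface" >&2
        return 1
    fi
    br="$(bridge_of "$iface")"
    if [ -n "$br" ]; then
        # Bridged: traffic enters and leaves via the bridge device, so the
        # physical port has to be matched with physdev.
        echo "-A FORWARD -i $br -o $br -m physdev --physdev-in $iface --physdev-out $iface -j DROP"
    else
        # Unbridged: match the wireless interface directly.
        echo "-A FORWARD -i $iface -o $iface -j DROP"
    fi
}
```

After sourcing the file, `isolation_rule wlan0` prints the rule that applies to the host it runs on; the output can be pasted into an `iptables-restore` ruleset.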