From: Brett Glass
To: Stefan Lambrev
Cc: net@freebsd.org
Date: Wed, 13 May 2009 13:52:03 -0600
Subject: Re: MAC locking and filtering in FreeBSD
Message-Id: <200905131952.NAA18748@lariat.net>

At 01:14 PM 5/13/2009, Stefan Lambrev wrote:

>Not that I understand how "knowing" mac address is easier for
>customers than wpa2 password ;)

Most customers would not recognize a WPA2 password if it bit them. ;-)

Also, many older operating systems and Wi-Fi cards do not support WPA at all. (For example, Windows 2000 doesn't have a WPA supplicant.) Many game machines, network appliances, and network accessories (including Wi-Fi to Ethernet bridges) don't either.

If there's any authentication at all, users want it to be through their Web browsers, because very often they don't know how to interact with the network through any other program. (In fact, many refer to their browsers as "The Internet" and don't know what a browser is.)

I know, I know; a lot of folks would say that anyone with this little knowledge should be kept off of the Internet for the sake of his or her safety. But if they're a paying customer at a hotel or coffeehouse there are some venues that just want to accommodate them. In fact, several hotel chains actually INSIST that there be no security on the Wi-Fi. They literally distribute documents mandating this for all of their franchisees. Shortsighted, I know, but that's the awful state of network security today.

--Brett

P.S. -- I have looked over that Summer of Code work, and it looks like it's applicable. The English in the docs should be cleaned up, but the code looks solid. The tough part would be linking it to dhcpd so that a rule is added when a lease is issued and removed when the lease is not renewed.
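
One way to approach the dhcpd linkage mentioned in the P.S., as an added example that is not part of the original message or of the Summer of Code work: read ISC dhcpd's lease file and work out which (IP, MAC) filter entries to add or remove. The function names and sample leases are constructed for illustration, and the firewall commands themselves are left out because the message does not name a rule syntax.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (lease times are UTC).
SAMPLE_LEASES = """\
lease 10.0.0.21 {
  ends 3 2009/05/13 20:00:00;
  binding state active;
  hardware ethernet 00:16:cb:aa:bb:01;
}
lease 10.0.0.22 {
  ends 3 2009/05/13 19:00:00;
  binding state active;
  hardware ethernet 00:16:cb:aa:bb:02;
}
lease 10.0.0.21 {
  ends 3 2009/05/13 21:00:00;
  binding state active;
  hardware ethernet 00:16:CB:AA:BB:01;
}
lease 10.0.0.23 {
  ends 3 2009/05/13 20:30:00;
  binding state active;
  hardware ethernet 00:16:cb:aa:bb:03;
}
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)

def active_leases(text, now):
    """Map ip -> mac for leases valid at `now`; the last record per IP wins."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        ends = re.search(r"ends\s+\d\s+(\S+ \S+);", body)
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]{17});", body)
        state = re.search(r"^\s*binding state\s+(\w+);", body, re.M)
        current.pop(ip, None)  # a newer record supersedes the older one
        if not (ends and mac and state) or state.group(1) != "active":
            continue  # incomplete, released or "ends never" records are skipped
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        if expiry.replace(tzinfo=timezone.utc) > now:
            current[ip] = mac.group(1).lower()
    return current

def reconcile(installed, leases):
    """Return (to_add, to_remove) lists of (ip, mac) filter entries."""
    want = set(leases.items())
    return sorted(want - installed), sorted(installed - want)
```

Run periodically, `reconcile` yields the entries to install for newly issued leases and the entries to drop for leases that lapsed without renewal.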