From owner-freebsd-mobile@FreeBSD.ORG Mon May 19 22:42:34 2003 Return-Path: Delivered-To: freebsd-mobile@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F7B637B401 for ; Mon, 19 May 2003 22:42:34 -0700 (PDT) Received: from mail.forko.com (forko.com [206.14.189.156]) by mx1.FreeBSD.org (Postfix) with ESMTP id 96C0B43F93 for ; Mon, 19 May 2003 22:42:33 -0700 (PDT) (envelope-from matt@peterson.org) Received: (qmail 85376 invoked by uid 89); 19 May 2003 22:41:44 -0700 Received: from adsl-63-200-129-197.dsl.snfc21.pacbell.net (HELO ?192.168.0.233?) (matt@peterson.org@63.200.129.197) by mail.sfo.forko.com with DES-CBC3-SHA encrypted SMTP; 19 May 2003 22:41:44 -0700 Date: Mon, 19 May 2003 22:42:39 -0700 From: Matt Peterson To: Vaclav Petricek Message-ID: <14425683.1053384159@[192.168.0.233]> In-Reply-To: References: X-Mailer: Mulberry/3.0.0 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline cc: freebsd-mobile@freebsd.org Subject: Re: wi - filtering traffic between stations on the same AP X-BeenThere: freebsd-mobile@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Mobile computing with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 May 2003 05:42:34 -0000 Might wanna try IPFW2 MAC address filtering, might work. --On Saturday, May 17, 2003 2:40 PM +0200 Vaclav Petricek wrote: > > Hello > > I would like to be able to filter traffic between stations connected to > a single AP. The AP should be used just for Internet access and not for > communication between local stations. > > Reason: > 1. I do not want the stations to use the AP as a retranslation point where > they do not see each other directly > 2. I want to limit the traffic generated by windows broadcasts etc. > > I have seen in the wi driver that when the packet is destined for an > associated station, or it is a broad/multi/cast it gets retransmitted > immediatelly. > > My questions are: > > 1. Is there a way to force these packets to go through ipfw without > patching kernel? I have seen some sysctls that should control the ethernet > level filtering but I had no luck making it work on a single wi interface. > A pointer describing the data flow between interface kernel modules, > kernel and firewall modules would be great. > 2. In case I do have to make a patch to implement this filtering, what is > the best way to encapsulate it? Some flag to ifconfig that says drop > broadcasts and do not resend packets to associated stations? > > Thanks for any hints, > > -- > > Vaclav Petricek > > _______________________________________________ > freebsd-mobile@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-mobile > To unsubscribe, send any mail to "freebsd-mobile-unsubscribe@freebsd.org" > -- Matt Peterson another.geek.without.a.life matt@peterson.org http://matt.peterson.org/ -------------------------------------------------