OpenWrt Forum Archive

Topic: [Howto] MAC filtering for Atheros and Broadcom WiFi

The content of this topic has been archived on 8 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

[Howto] MAC filtering for Madwifi and Broadcom WiFi

1. Madwifi

NOTE: Tested with trunk and it works.

MAC filtering for Madwifi is implemented in /lib/wifi/madwifi.sh (changeset [9624]).

uci set wireless.cfg2.maclist="mac1 mac2 mac3 macN"
uci set wireless.cfg2.macpolicy=deny
uci commit wireless
wifi
Option     Values                  Default       Description
maclist    MAC Address                           The MAC addresses seperated by space in this format: 00:11:22:33:44:55, enter the MAC address in lower case
macpolicy  [allow|deny]            deny          allow: whitelist ; deny: blacklist.
                                                 If option macfilter is not set, the maclist defaults to deny/blacklist mode

2. Broadcom WiFi

NOTE: I have tested for Broadcom WiFi too, but it does not seem to work for me. I can always connect.

MAC filtering for Broadcom WiFi is implemented in /lib/wifi/broadcom.sh (changeset [8108:8792]).

uci set wireless.cfg2.maclist="mac1 mac2 mac3 macN"
uci set wireless.cfg2.macfilter=deny
uci commit wireless
wifi
Option     Values                  Default       Description
maclist    MAC Address                           The MAC addresses seperated by space in this format: 00:11:22:33:44:55
macfilter  [allow|deny|disable]    deny

@Developers: Please fix MAC filtering for Broadcom WiFi and use the same config options for both Madwifi and Broadcom configuration.

(Last edited by forum2006 on 9 Dec 2007, 12:32)

Thanks for posting this how to forum2006. Here is a break down of how the option macfilter <arg> works:

allow = uses maccmd 1 To make 'option maclist' a whitelist.

deny = uses maccmd 2 To make 'option maclist' a blacklist.

If option macfilter is not set, the maclist defaults to deny/blacklist mode

**MAC addresses entered into 'option maclist ' appear to be case sensitive.

(Last edited by nullboy on 7 Dec 2007, 05:54)

forum2006 wrote:

@Developers: Please fix MAC filtering for Broadcom WiFi and use the same config options for both Madwifi and Broadcom configuration.

Seems fixed with [9805]. Not tested by myself.

nullboy wrote:

Thanks for posting this how to forum2006. Here is a break down of how the option macfilter <arg> works:

allow = uses maccmd 1 To make 'option maclist' a whitelist.

deny = uses maccmd 2 To make 'option maclist' a blacklist.

If option macfilter is not set, the maclist defaults to deny/blacklist mode

**MAC addresses entered into 'option maclist ' appear to be case sensitive.

should they be uppercase or lowercase then? mac addresses aren't case sensitive from the devices smile

I do understand you tried to be succinct here; however, this doesn't seem to help me trying to comprehend a MAC address filtering on my Fonera running on an OpenWRT compiled from the SVN trunk. So, if I want my Fonera to ONLY serves these two MAC Addresses 00:11:22:AA:BB:C1 and 00:11:22:aa:bb:c2, then all I need to do on my Fonera is to execute uci as follows

uci set wireless.cfg2.maclist="00:11:22:AA:BB:C1 00:11:22:aa:bb:c2"
uci set wireless.cfg2.macpolicy=allow
uci commit wireless
wifi

With the above set, the requests from other WiFi devices with MAC addresses other than 00:11:22:AA:BB:C1 and  00:11:22:aa:bb:c2 will be rejected, right? If this is right, then if I execute the following:

uci set wireless.cfg2.maclist="00:11:22:AA:BB:C1 00:11:22:aa:bb:c2"
uci set wireless.cfg2.macpolicy=deny
uci commit wireless
wifi

it will allow any WiFi devices whose MAC Addresses are not 00:11:22:AA:BB:C1 and 00:11:22:aa:bb:c2 to connect, right?

BTW, can't this be done in a more simpler way, i.e. editing some configuration files to add the MAC Addresses?

I installed the ebtables_2.0.8-rc2-2_mips.ipk and kmod-ebtables_2.6.23.16-atheros-1_mips.ipk packages on my LaFonera running with OpenWRT compiled off the SVN trunk, Kamikaze (r10563). Then, I rebooted my LaFonera device. When I tried to execute

uci set wireless.cfg2.maclist="00:A0:CB:57:EA:64"

this was what the response I received

uci: Entry not found

. Can anyone please help?

The new uci-c implementation assigns a unique name to every nameless config section. You cannot use sequentially numbered section names (cfg#) anymore (adjust all forum200* replies about cfg# in uci commands).

List the particular config:

uci show wireless
...
wireless.cfg037c8d=wifi-iface
...

and use the unique section name in the subsequent commands:

uci set wireless.cfg037c8d.maclist="00:A0:CB:57:EA:64"

Notice that you cannot use the bold name from this example. If you wonder why, start reading from the beginning again. smile

mazilo: Use the following command to see the current values, so you can find out, how to setup the others...

uci show wireless

(Last edited by PenaPP on 8 Nov 2015, 10:24)

The discussion might have continued from here.