OpenWrt Forum Archive

Topic: Wireless MAC Filtering (Kamikaze 7.06)

The content of this topic has been archived on 21 Feb 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

>>>  WIRELESS MAC FILTERING GUIDE
    1- ipkg install wl        (install broadcom wireless driver if not already installed. Not sure if this package is really needed. I think 'WLC' is already installed in base system)
    2- vim /etc/init.d/wlmacfilter
        |-->
            #!/bin/sh /etc/rc.common
            # The macfilter 2 means that the filter works in "Allow" mode.
            # Other options are: 0 - disabled, or 1 - Deny.
            # wlc ifname wl0 maclist "xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx"
            START=47
            start() {
                wlc ifname wl0 maclist "xx:xx:xx:xx:xx:xx"
                wlc ifname wl0 macfilter 2
                }
           
            stop() {
                wlc ifname wl0 maclist none
                wlc ifname wl0 macfilter 0
                }
    3- chmod 755 /etc/init.d/wlmacfilter
    4- /etc/init.d/wlmacfilter enable        (this will create symbolic link in /etc/rc.d/S47wlmacfilter to start at BOOT)

Is there any clarity on the wl package being needed or not?

I haven't installed it, and I am running the WLAN MAC filter as described above. Since the script does not contain any references to wl, I'd think it's redundant... But you never know.

I was under the impression that MAC whitelisting was largely a waste of time, due to the ease of MAC address spoofing ... neutral

True, but it keeps the noobs out smile. It's not like my 63 bit random AES key is gonna get cracked anytime soon ^_^

Why not using ebtables or iptables for MAC filtering?

forum2006 wrote:

Why not using ebtables or iptables for MAC filtering?

Because filtering using the driver is done in hardware, from what I understand. Filterting with [eb|ip]tables uses CPU.

I accidentally ran the firstboot command and i had to reconfigure my router. So I tried the  wlmacfilter without installing  the "wl: package and it worked. So the wl package is not needed, at least on my configurations (before, Linksys WRT54-GL, now Asus WL500G-Premium).

The discussion might have continued from here.