summaryrefslogtreecommitdiff
path: root/data/templates/wifi/hostapd_deny_station.conf.j2
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-08-20 14:56:12 +0200
committerChristian Breunig <christian@breunig.cc>2023-08-20 15:02:59 +0200
commit0bfb81750045be9c8c82a8f8f7bb18f6e6136d94 (patch)
treeffd0138878c409a3e620dad153170f60e5e9b395 /data/templates/wifi/hostapd_deny_station.conf.j2
parentffb798b4678f3b1bd0a40cc42b1f0477470346dc (diff)
downloadvyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.tar.gz
vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.zip
wifi: T5491: allow white-/blacklisting station MAC addresses for security
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac>
Diffstat (limited to 'data/templates/wifi/hostapd_deny_station.conf.j2')
-rw-r--r--data/templates/wifi/hostapd_deny_station.conf.j27
1 files changed, 7 insertions, 0 deletions
diff --git a/data/templates/wifi/hostapd_deny_station.conf.j2 b/data/templates/wifi/hostapd_deny_station.conf.j2
new file mode 100644
index 000000000..fb2950dda
--- /dev/null
+++ b/data/templates/wifi/hostapd_deny_station.conf.j2
@@ -0,0 +1,7 @@
+# List of MAC addresses that are not allowed to authenticate
+# (IEEE 802.11) with the access point
+{% if security.station_address.deny.mac is vyos_defined %}
+{% for mac in security.station_address.deny.mac %}
+{{ mac | lower }}
+{% endfor %}
+{% endif %}