diff options
author | Christian Breunig <christian@breunig.cc> | 2023-08-20 14:56:12 +0200 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-08-20 15:02:59 +0200 |
commit | 0bfb81750045be9c8c82a8f8f7bb18f6e6136d94 (patch) | |
tree | ffd0138878c409a3e620dad153170f60e5e9b395 /data/templates/wifi/hostapd_deny_station.conf.j2 | |
parent | ffb798b4678f3b1bd0a40cc42b1f0477470346dc (diff) | |
download | vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.tar.gz vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.zip |
wifi: T5491: allow white-/blacklisting station MAC addresses for security
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
Diffstat (limited to 'data/templates/wifi/hostapd_deny_station.conf.j2')
-rw-r--r-- | data/templates/wifi/hostapd_deny_station.conf.j2 | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/data/templates/wifi/hostapd_deny_station.conf.j2 b/data/templates/wifi/hostapd_deny_station.conf.j2 new file mode 100644 index 000000000..fb2950dda --- /dev/null +++ b/data/templates/wifi/hostapd_deny_station.conf.j2 @@ -0,0 +1,7 @@ +# List of MAC addresses that are not allowed to authenticate +# (IEEE 802.11) with the access point +{% if security.station_address.deny.mac is vyos_defined %} +{% for mac in security.station_address.deny.mac %} +{{ mac | lower }} +{% endfor %} +{% endif %} |