wifi: T5491: allow white-/blacklisting station MAC addresses for security

Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac>
author: Christian Breunig <christian@breunig.cc> 2023-08-20 14:56:12 +0200
committer: Christian Breunig <christian@breunig.cc> 2023-08-20 15:02:59 +0200
commit: 0bfb81750045be9c8c82a8f8f7bb18f6e6136d94 (patch)
tree: ffd0138878c409a3e620dad153170f60e5e9b395 /interface-definitions/interfaces-wireless.xml.in
parent: ffb798b4678f3b1bd0a40cc42b1f0477470346dc (diff)
download: vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.tar.gz
vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.zip
1 files changed, 43 insertions, 0 deletions
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index 421d46c6e..88b858c07 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -595,6 +595,49 @@
               <help>Wireless security settings</help>
             </properties>
             <children>
+              <node name="station-address">
+                <properties>
+                  <help>Station MAC address based authentication</help>
+                </properties>
+                <children>
+                  <leafNode name="mode">
+                    <properties>
+                      <help>Select security operation mode</help>
+                      <completionHelp>
+                        <list>accept deny</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>accept</format>
+                        <description>Accept all clients unless found in deny list</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>deny</format>
+                        <description>Deny all clients unless found in accept list</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(accept|deny)</regex>
+                      </constraint>
+                    </properties>
+                    <defaultValue>accept</defaultValue>
+                  </leafNode>
+                  <node name="accept">
+                    <properties>
+                      <help>Accept station MAC address</help>
+                    </properties>
+                    <children>
+                      #include <include/interface/mac-multi.xml.i>
+                    </children>
+                  </node>
+                  <node name="deny">
+                    <properties>
+                      <help>Deny station MAC address</help>
+                    </properties>
+                    <children>
+                      #include <include/interface/mac-multi.xml.i>
+                    </children>
+                  </node>
+                </children>
+              </node>
               <node name="wep">
                 <properties>
                   <help>Wired Equivalent Privacy (WEP) parameters</help>
author	Christian Breunig <christian@breunig.cc>	2023-08-20 14:56:12 +0200
committer	Christian Breunig <christian@breunig.cc>	2023-08-20 15:02:59 +0200
commit	0bfb81750045be9c8c82a8f8f7bb18f6e6136d94 (patch)
tree	ffd0138878c409a3e620dad153170f60e5e9b395 /interface-definitions/interfaces-wireless.xml.in
parent	ffb798b4678f3b1bd0a40cc42b1f0477470346dc (diff)
download	vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.tar.gz vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.zip