diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-08-20 14:56:12 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-08-20 15:02:59 +0200 |
| commit | 0bfb81750045be9c8c82a8f8f7bb18f6e6136d94 (patch) | |
| tree | ffd0138878c409a3e620dad153170f60e5e9b395 /interface-definitions | |
| parent | ffb798b4678f3b1bd0a40cc42b1f0477470346dc (diff) | |
| download | vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.tar.gz vyos-1x-0bfb81750045be9c8c82a8f8f7bb18f6e6136d94.zip | |
wifi: T5491: allow white-/blacklisting station MAC addresses for security
Station MAC address-based authentication means:
* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list
New CLI commands:
* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
Diffstat (limited to 'interface-definitions')
| -rw-r--r-- | interface-definitions/include/interface/mac-multi.xml.i | 15 | ||||
| -rw-r--r-- | interface-definitions/interfaces-wireless.xml.in | 43 |
2 files changed, 58 insertions, 0 deletions
diff --git a/interface-definitions/include/interface/mac-multi.xml.i b/interface-definitions/include/interface/mac-multi.xml.i new file mode 100644 index 000000000..458372e67 --- /dev/null +++ b/interface-definitions/include/interface/mac-multi.xml.i @@ -0,0 +1,15 @@ +<!-- include start from interface/mac-multi.xml.i --> +<leafNode name="mac"> + <properties> + <help>Media Access Control (MAC) address</help> + <valueHelp> + <format>macaddr</format> + <description>Hardware (MAC) address</description> + </valueHelp> + <constraint> + <validator name="mac-address"/> + </constraint> + <multi/> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 421d46c6e..88b858c07 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -595,6 +595,49 @@ <help>Wireless security settings</help> </properties> <children> + <node name="station-address"> + <properties> + <help>Station MAC address based authentication</help> + </properties> + <children> + <leafNode name="mode"> + <properties> + <help>Select security operation mode</help> + <completionHelp> + <list>accept deny</list> + </completionHelp> + <valueHelp> + <format>accept</format> + <description>Accept all clients unless found in deny list</description> + </valueHelp> + <valueHelp> + <format>deny</format> + <description>Deny all clients unless found in accept list</description> + </valueHelp> + <constraint> + <regex>(accept|deny)</regex> + </constraint> + </properties> + <defaultValue>accept</defaultValue> + </leafNode> + <node name="accept"> + <properties> + <help>Accept station MAC address</help> + </properties> + <children> + #include <include/interface/mac-multi.xml.i> + </children> + </node> + <node name="deny"> + <properties> + <help>Deny station MAC address</help> + </properties> + <children> + #include <include/interface/mac-multi.xml.i> + </children> + </node> + </children> + </node> <node name="wep"> <properties> <help>Wired Equivalent Privacy (WEP) parameters</help> |