diff options
Diffstat (limited to 'data')
-rw-r--r-- | data/templates/wifi/hostapd.conf.j2 | 12 | ||||
-rw-r--r-- | data/templates/wifi/hostapd_accept_station.conf.j2 | 7 | ||||
-rw-r--r-- | data/templates/wifi/hostapd_deny_station.conf.j2 | 7 |
3 files changed, 24 insertions, 2 deletions
diff --git a/data/templates/wifi/hostapd.conf.j2 b/data/templates/wifi/hostapd.conf.j2 index f2312d2d4..613038597 100644 --- a/data/templates/wifi/hostapd.conf.j2 +++ b/data/templates/wifi/hostapd.conf.j2 @@ -430,14 +430,22 @@ ieee80211n={{ '1' if 'n' in mode or 'ac' in mode else '0' }} ignore_broadcast_ssid=1 {% endif %} -# Station MAC address -based authentication +{% if type is vyos_defined('access-point') %} +# Station MAC address-based authentication # Please note that this kind of access control requires a driver that uses # hostapd to take care of management frame processing and as such, this can be # used with driver=hostap or driver=nl80211, but not with driver=atheros. # 0 = accept unless in deny list # 1 = deny unless in accept list # 2 = use external RADIUS server (accept/deny lists are searched first) -macaddr_acl=0 +macaddr_acl={{ '0' if security.station_address.mode is vyos_defined('accept') else '1' }} + +# Accept/deny lists are read from separate files (containing list of +# MAC addresses, one per line). Use absolute path name to make sure that the +# files can be read on SIGHUP configuration reloads. +accept_mac_file={{ hostapd_accept_station_conf }} +deny_mac_file={{ hostapd_deny_station_conf }} +{% endif %} {% if max_stations is vyos_defined %} # Maximum number of stations allowed in station table. New stations will be diff --git a/data/templates/wifi/hostapd_accept_station.conf.j2 b/data/templates/wifi/hostapd_accept_station.conf.j2 new file mode 100644 index 000000000..a381c947c --- /dev/null +++ b/data/templates/wifi/hostapd_accept_station.conf.j2 @@ -0,0 +1,7 @@ +# List of MAC addresses that are allowed to authenticate (IEEE 802.11) +# with the AP +{% if security.station_address.accept.mac is vyos_defined %} +{% for mac in security.station_address.accept.mac %} +{{ mac | lower }} +{% endfor %} +{% endif %} diff --git a/data/templates/wifi/hostapd_deny_station.conf.j2 b/data/templates/wifi/hostapd_deny_station.conf.j2 new file mode 100644 index 000000000..fb2950dda --- /dev/null +++ b/data/templates/wifi/hostapd_deny_station.conf.j2 @@ -0,0 +1,7 @@ +# List of MAC addresses that are not allowed to authenticate +# (IEEE 802.11) with the access point +{% if security.station_address.deny.mac is vyos_defined %} +{% for mac in security.station_address.deny.mac %} +{{ mac | lower }} +{% endfor %} +{% endif %} |