From 0bfb81750045be9c8c82a8f8f7bb18f6e6136d94 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 20 Aug 2023 14:56:12 +0200
Subject: wifi: T5491: allow white-/blacklisting station MAC addresses for
 security

Station MAC address-based authentication means:

* 'allow' accept all clients except the one on the deny list
* 'deny' accept only clients listed on the accept list

New CLI commands:

* set interfaces wireless wlan0 security station-address mode <accept|deny>
* set interfaces wireless wlan0 security station-address accept mac <mac>
* set interfaces wireless wlan0 security station-address deny mac <mac>
---
 data/templates/wifi/hostapd_accept_station.conf.j2 | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 data/templates/wifi/hostapd_accept_station.conf.j2

(limited to 'data/templates/wifi/hostapd_accept_station.conf.j2')

diff --git a/data/templates/wifi/hostapd_accept_station.conf.j2 b/data/templates/wifi/hostapd_accept_station.conf.j2
new file mode 100644
index 000000000..a381c947c
--- /dev/null
+++ b/data/templates/wifi/hostapd_accept_station.conf.j2
@@ -0,0 +1,7 @@
+# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
+# with the AP
+{% if security.station_address.accept.mac is vyos_defined %}
+{%     for mac in security.station_address.accept.mac %}
+{{ mac | lower }}
+{%     endfor %}
+{% endif %}
-- 
cgit v1.2.3