Project

General

Profile

Actions
Copy link

Feature #14928

open

FEATURE REQUEST: Wireless ath0 and MAC address controls

Added by Jonathan Lee 6 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Wireless
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default

Description

ifconfig ath0_wlan0 list mac

This has the ability to have a ACL lists added. Can we please have the ability to migrate the ACL or static assigned MAC addresses into the Wireless settings?

ifconfig ath0_wlan0 mac:add

https://man.freebsd.org/cgi/man.cgi?ifconfig

@ MAC-Based Access Control List Parameters
       The  following  parameters support an optional access control list fea-
       ture available with some     adapters  when     operating  in    ap  mode;  see
       wlan_acl(4).  This facility allows an access point to accept/deny asso-
       ciation    requests  based     on the    MAC address of the station.  Note that
       this feature does not significantly enhance  security  as  MAC  address
       spoofing    is easy    to do.
mac:add address
           Add  the     specified  MAC    address    to the database.  Depending on
           the policy setting association requests from the    specified sta-
           tion will be allowed or denied.
mac:allow
           Set the ACL policy to permit association    only by    stations  reg-
           istered in the database.
mac:del address
           Delete the specified MAC    address    from the database.
mac:deny
           Set  the    ACL policy to deny association only by stations    regis-
           tered in    the database.
mac:kick    address
           Force the specified station to be deauthenticated.  This     typi-
           cally  is  done    to  block a station after updating the address
           database.
mac:open
           Set the ACL policy to allow all stations    to associate.
mac:flush
           Delete all entries in the database.
mac:radius
           Set the ACL policy to permit association    only by     stations  ap-
           proved by a RADIUS server.  Note    that this feature requires the
           hostapd(8)  program  be    configured to do the right thing as it
           handles the RADIUS processing (and  marks  stations  as    autho-
           rized).

@

This ability is already part of FreeBSD and can be accessed in pfSense from command line. This would provide greater security into the pcie mini card also.

If we have items statically assigned in DHCP it would be easy to migrate that into auto added MAC adds

No data to display

Actions
Copy link

Also available in: Atom PDF