This is probably an openwrt question but even so it might have some impact on batman-adv.
I am planning to use mac filtering through iptables on openwrt with a default policy of deny all, allowing only by white list the clients that will be allowed to connect.
My question to the batman team is if by applying this idea and since batman-adv uses MACs to manage the routing; if I will have to white list the other router MACs on the router or routers that will be filtering MACs with iptables or batman-adv is not affected by mac filtering.
On Tuesday, December 18, 2012 08:10:30 HeXiLeD wrote:
> This is probably an openwrt question but even so it might have some impact on batman-adv.
> I am planning to use mac filtering through iptables on openwrt with a default policy of deny all, allowing only by white list the clients that will be allowed to connect.
> My question to the batman team is if by applying this idea and since batman-adv uses MACs to manage the routing; if I will have to white list the other router MACs on the router or routers that will be filtering MACs with iptables or batman-adv is not affected by mac filtering.
iptables works on layer3. Even though you have a mac address filter option it will only catch anything if the packet is moved up to layer3 which does not happen for batman-adv packets. So, iptables will never even see the packets used by batman-adv.
Cheers, Marek
Could you use ebtables instead?
2012/12/17 Marek Lindner lindner_marek@yahoo.de:
> On Tuesday, December 18, 2012 08:10:30 HeXiLeD wrote:
> > This is probably an openwrt question but even so it might have some impact on batman-adv.
> > I am planning to use mac filtering through iptables on openwrt with a default policy of deny all, allowing only by white list the clients that will be allowed to connect.
> > My question to the batman team is if by applying this idea and since batman-adv uses MACs to manage the routing; if I will have to white list the other router MACs on the router or routers that will be filtering MACs with iptables or batman-adv is not affected by mac filtering.
> iptables works on layer3. Even though you have a mac address filter option it will only catch anything if the packet is moved up to layer3 which does not happen for batman-adv packets. So, iptables will never even see the packets used by batman-adv.
> Cheers, Marek
On Wed, Jan 02, 2013 at 02:45:27PM +0800, Marek Lindner wrote:
> On Friday, December 28, 2012 06:59:40 Esteban Municio wrote:
> > Could you use ebtables instead?
> I was told you can use ebtables but I never used it.
But keep in mind that ebtables works with bridge interfaces only, therefore you must first create a bridge, add bat0 to it and then use ebtables onto the bridge interface.
Cheers,
b.a.t.m.a.n@lists.open-mesh.org
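
The setup described in the last reply, as an added example that is not part of the original thread: a dry-run script that prints the commands to put bat0 into a bridge and accept only whitelisted source MACs arriving through it. The bridge name br-mesh and the MAC addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: print the commands that bridge bat0 and whitelist client
# source MACs with ebtables. Review the output, then pipe it to "sh" as root.
# Assumptions: bridge name br-mesh and the MAC addresses are constructed.
BRIDGE="br-mesh"
MESH_IF="bat0"

# Succeeds only for a well-formed aa:bb:cc:dd:ee:ff address.
is_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Reads one MAC per line on stdin ("#" comments and blank lines allowed).
# Prints the rule set; returns 1 without printing rules if any entry is bad.
emit_rules() {
    rules=""
    while IFS= read -r line; do
        mac=$(printf '%s' "${line%%#*}" | tr -d ' \t' | tr 'A-F' 'a-f')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "invalid MAC: $mac" >&2
            return 1
        fi
        for chain in INPUT FORWARD; do
            rules="${rules}ebtables -A $chain -i $MESH_IF -s $mac -j ACCEPT
"
        done
    done
    # ebtables only sees bridged traffic, so bat0 must be a bridge port.
    echo "ip link add name $BRIDGE type bridge"
    echo "ip link set $MESH_IF master $BRIDGE"
    echo "ip link set $BRIDGE up"
    printf '%s' "$rules"
    # Anything else arriving from the mesh side is dropped.
    for chain in INPUT FORWARD; do
        echo "ebtables -A $chain -i $MESH_IF -j DROP"
    done
}

# Constructed sample whitelist.
SAMPLE_WHITELIST='02:00:00:00:00:0a   # laptop
02:00:00:00:00:0B
'
printf '%s' "$SAMPLE_WHITELIST" | emit_rules
```

Any host whose frames arrive through bat0, including a gateway reached over the mesh, needs a whitelist entry; batman-adv's own frames travel on the underlying mesh interface and are not matched by these rules.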