**** BEGIN LOGGING AT Mon Sep 12 02:59:57 2011
Sep 12 08:06:23 <borax> hi !
Sep 12 08:07:42 <borax> I'm new to Fonera (2.0n). How can I handle MAC filtering ?
Sep 12 08:27:33 <blathijs> borax: I don't think that's supported on the 2.0 firmwares
Sep 12 08:28:12 <blathijs> borax: You might be able to script it manually, but do you really need it? It hardly adds any security, using a proper WPA2 encryption is a lot more effective
Sep 12 08:29:23 <borax> I already use a (quite good I think) WPA2 encryption but would like to restrict access a little more...
Sep 12 08:30:22 <borax> Where should I start to script it manually ?
Sep 12 08:31:20 <borax> It's also probably a kind of intellectual game of course, just to understand Fonera a little bit ;-)
Sep 12 08:32:50 <blathijs> For the 2.0n, I think there might be some iwpriv calls involved
Sep 12 08:33:23 <blathijs> but those are a bit underdocumented, I'm afraid
Sep 12 08:33:59 <blathijs> borax: You might want to look around /lib/wifi/rt3052.sh (from the top of my head), that's where the wifi driver is initialized
Sep 12 08:36:32 <borax> I thought I should look to iptables rules... Wrong ?
Sep 12 08:42:29 <blathijs> Hmm, that's another option I didn't consider yet
Sep 12 08:43:17 <blathijs> If you fix this at the driver level, non-whitelisted hosts won't be able to associate at all
Sep 12 08:43:52 <blathijs> if you fix it using iptables, they will be able to associate, but not able to obtain an IP address
Sep 12 08:43:59 <blathijs> but it works just as well, I think
Sep 12 08:44:26 <blathijs> If you go that route, you should probably use the 2.3.7.0 beta1 firmware, which includes /etc/firewall.user by default
Sep 12 09:41:15 <borax> OK, but always with 2.3.6.x. I found a link about /etc/firewall.user in OpenWRT docs... Launched a few un-obvious commands to create it :-)
Sep 12 09:53:02 <blathijs> :-)
Sep 12 09:53:17 <blathijs> borax: You'll have to include it from /etc/config/firewall (IIRC) on 2.3.6.x
Sep 12 09:53:27 <blathijs> borax: I think there's something written about it on wiki.fon.com as well
Sep 12 09:56:16 <borax> Yes, my "un-obvious commands" included it ! Still have to write IPTables rules :-/
**** ENDING LOGGING AT Tue Sep 13 01:52:38 2011

**** BEGIN LOGGING AT Tue Sep 13 19:40:14 2011
**** ENDING LOGGING AT Wed Sep 14 02:59:57 2011