All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alex Buie <alex.buie@datto.com>
Cc: netfilter@vger.kernel.org
Subject: Re: WiFi Hotspot Disable Neighbor discovery,Ask
Date: Sat, 20 Jun 2020 22:31:07 -0400	[thread overview]
Message-ID: <CANGix0A5Wq-GmbfgfGVpd4vo9PczshSMPw7jVkKyQWprgiSrWw@mail.gmail.com> (raw)
In-Reply-To: <e8de3662-249c-598b-cd0d-e97ccc500449@gmail.com>

You -might- need to fiddle with the nf-call-iptables sysctls for those
firewall rules to work. I haven't personally tried this for a wifi
adapter in infrastructure mode (only wired bridges) but it might
help/apply to your setup.

See https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
for some info.


R's,

Alex

On Mon, Jun 15, 2020, 11:38 PM Hooman <mailinglister.hooman@gmail.com> wrote:
>
> Hi,
>
> I am using WiFi hotspot feature of Ubuntu 18.04 to create a hotspot for
> my devices. I need to prevent different devices on the network from
> contacting each other.
>
> More specifically, I have two phones on the network, I would like them
> not to be able to send any packets to each other. Right now if phone 1
> is using IP address 10.42.0.172 and phone 2 is using 10.42.0.59, I can
> use phone 1 to ping 10.42.0.59.
>
> I would like to disable connections between different hosts on the
> network created by the hotspot.
>
> I tried using iptables to drop local traffic. However, it seems like the
> iptables don't have any effect on these packets.
>
> I do see local packets on wireshark though. I'm wondering if local
> packets are forwarded directly without hitting the iptable rules.
>
> Is it possible to use iptables or ebtables to filter these packets? Is
> there any other solution to this?
>
> Thank you
>


  reply	other threads:[~2020-06-21  2:31 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-16  3:38 WiFi Hotspot Disable Neighbor discovery,Ask Hooman
2020-06-21  2:31 ` Alex Buie [this message]
2020-06-16 10:09 G.W. Haywood
     [not found] ` <44cc0842-bd3b-986e-9537-bd11d980e61b@gmail.com>
2020-06-20 21:48   ` Hooman
2020-06-20 23:35     ` G.W. Haywood
2020-06-26 18:07     ` Hooman
2020-06-27 12:01       ` G.W. Haywood
2020-06-27 23:26         ` Hooman Mohajeri
2020-07-09  5:42         ` Trent W. Buck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CANGix0A5Wq-GmbfgfGVpd4vo9PczshSMPw7jVkKyQWprgiSrWw@mail.gmail.com \
    --to=alex.buie@datto.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.