I am attempting to block connection to a specific BSSID. My friend's son has been getting around the access restrictions I set for the family on my friend's behalf (I have Tomato running on his Linksys), and his son has access to the neighbour's wifi. I want to be able to block the connection to this wifi. I am experimenting with this at home by trying to block my phone from accessing my router. I tried this IP table first:
$IPTABLES -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
(of course, the 00:00:00:00:00:00 represents the actual MAC address which I am not posting here; and I used all caps for the address)
I still had access to the internet.
I also tried:
$IPTABLES -A INPUT -m mac --mac-source 00:00:00:00:00:00 -j REJECT
Still had access. Though this is not ideal (because the public IP is dynamic and I have no access to the neighbour's router to add a dynamic dns address to implement this should I go this route), I then tried my public IP address:
$IPTABLES -I INPUT -s 11.222.33.44 -j DROP
I still had access to the internet through my router. So I tried this iptable for the fun of it:
$IPTABLES -I INPUT -s 11.222.33.44 -j REJECT
I could still access the internet. Is it even possible to do what I'm trying to do?
P.S. - My phone, as well as my friend's son's phone, is rooted.
Last edited by 3happypenguins; 02-27-2014 at 12:55 PM..
Reason: code tags
This is what I use on our routers, which are oldish PCs running Linux, to block a particular customer's MAC from our WAN:
Your current firewall configuration may be relevant. If there's a -j ACCEPT rule which matches before these rules, these will be skipped. IOW, these rules should come early.
It requires NETFILTER_XT_MATCH_MAC to be selected in your kernel. If it's compiled as a module, it must be loaded. It seems to fail silently otherwise, for some reason, which is weird since most other failures like this scream bloody murder.
Phones being rooted shouldn't make a difference since what you're configuring is your router, yes?
Last edited by Corona688; 02-27-2014 at 01:25 PM..
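The two checks raised in the reply above (rule order and availability of the MAC match) can be done mechanically. The script below is an added example, not code from any poster in this thread: it reads an `iptables -S INPUT` listing and prints every ACCEPT rule that is evaluated before the MAC rule, and it checks whether the running kernel has the `mac` match registered. The function names and the sample listing are constructed for illustration; the MAC is the thread's placeholder.

```shell
#!/bin/sh
# Added example. Constructed sample of `iptables -S INPUT` output; the MAC is
# the placeholder used in the thread, not a real address.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -m mac --mac-source 00:00:00:00:00:00 -j DROP
EOF
}

# accepts_before_mac_rule MAC
# Reads an `iptables -S INPUT` listing on stdin. Prints "position: rule" for
# each ACCEPT rule that comes before the first DROP/REJECT rule for MAC.
# These are the rules to review: any of them that matches the traffic ends
# chain traversal, so the MAC rule is never reached.
# Prints "no-mac-rule" if the chain has no DROP/REJECT rule for MAC.
accepts_before_mac_rule() {
    awk -v mac="$1" '
        BEGIN { mac = toupper(mac) }
        $1 != "-A" { next }                 # skip policy (-P) lines
        { n++ }                             # position of this rule in the chain
        toupper($0) ~ ("--MAC-SOURCE " mac) && /-j (DROP|REJECT)/ { found = 1; exit }
        /-j ACCEPT/ { hits[++h] = n ": " $0 }
        END {
            if (!found) { print "no-mac-rule"; exit }
            for (i = 1; i <= h; i++) print hits[i]
        }'
}

# mac_match_registered [FILE]
# Succeeds if the kernel lists the "mac" match. FILE defaults to
# /proc/net/ip_tables_matches (usually readable by root only), which names
# the matches currently registered; a module that is not loaded is absent.
mac_match_registered() {
    grep -qx 'mac' "${1:-/proc/net/ip_tables_matches}" 2>/dev/null
}

# Demo on the constructed listing: three ACCEPT rules precede the MAC rule.
sample_rules | accepts_before_mac_rule 00:00:00:00:00:00
```

On a live system, pipe `iptables -S INPUT` into `accepts_before_mac_rule` as root. A rule added with `-A` lands at the end of the chain, which is how the MAC rule in the sample ends up behind the unconditional ACCEPT.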
Phones being rooted shouldn't make a difference since what you're configuring is your router, yes?
No. I have no access to the router that I am trying to block. I am trying to force my friend's son to use his router at home. What he is doing is disconnecting from the home router (which has access restrictions) and connecting to his neighbour's router (which does not) so he can be on his phone in the middle of the night with no blocks or filters (aka, porn).
I downloaded AFWall+ (a firewall app) on Android and I am attempting to put in some iptables that will block the phone from accessing the router based on the router's BSSID. I can find the neighbour's BSSID easily by going to Tools > Wireless Survey in the home router.
So in short, I want to put the iptables in the PHONE (via AFWall+) to block the phone from being able to access the neighbour's router.
Well, the same principle ought to work on the client side, but if you're doing this in Android, you have a whole lot less control. It seems doubtful your manufacturer would have bothered including firewall functionality in the kernel.
You could ask your neighbor to change their password.
You seem to have the same rule in INPUT twice -- instead of once in INPUT, another in FORWARD.
Do you have the required things compiled for your kernel?
Can you further elaborate? In AFWall+, I navigate to 'Set Custom Script', then I enter
I choose 'OK'. Then I go to the menu again, and choose 'Enable Firewall.' It says the rules are applied successfully. I go to an app, and I still have access to the internet.
I don't understand what you mean when you say "You seem to have the same rule in INPUT twice -- instead of once in INPUT, another in FORWARD."
I also don't understand what you mean when you say, "Do you have the required things compiled for your kernel?" Am I supposed to copy and paste the code you gave somewhere? If so, where? I am just using an app. I'm not using a command line.