I have my WiFi network on a hostapd controlled 10.10.10.* range and my wired LAN on a 192.168.1.* range.
I try to be a "nice guy" and leave the WiFi 'open' (no WEP) as it's segregated and I use some proper shorewall rules to route things nicely for my various privileged devices. Also, some WiFi devices I have just don't support WEP, and it's a real hassle to get others working with WEP. I don't mind the occasional person jumping on to check movie times or traffic or get email or whatever. I think bandwidth should be free for everyone and it is sure a life saver when you need to quickly get online for something.

Anyways, sometimes I have stupid neighbors who don't quite "get it" and will just blindly let their computers connect to my WAP. UGH! They sit on it for hours and days and generally piss me off.

How can I boot someone off my network?

I usually add them to my shorewall blacklist file, and then:

    /etc/init.d/dhcp restart
    /etc/init.d/shorewall restart

But I still see them on there it seems.

http://daevid.com/examples/dhcp
(essentially it's doing an 'arp -n' and then I parse that info and make it pretty)

    daevid dhcp # arp -n
    Address        HWtype  HWaddress           Flags Mask   Iface
    10.10.10.7     ether   00:06:25:12:4A:D8   C            wlan0
    10.10.10.27    ether   00:19:7E:C5:02:AB   C            wlan0
    67.168.160.1   ether   00:01:5C:23:D7:02   C            eth0
    10.10.10.69    ether   00:02:6F:21:DF:5C   C            wlan0
    192.168.1.18   ether   00:0C:F1:A8:F7:F3   C            eth1

I googled and found this little nugget that I thought would work:
http://www.linuxforums.org/forum/linux-newbie/5752-dhcpd-iptables-deny-mac-addresses.html

    # iptables -A FORWARD -m mac --mac-source 00:19:7E:C5:02:AB -j DROP

But I still see this squatter. And I can feel my network being sluggish as they're probably downloading a lot of stuff.

-- 
[EMAIL PROTECTED] mailing list
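The check described in the post (parse `arp -n`, then see whether a blocked MAC is still listed on wlan0), written out as an added example that is not part of the original post. The function names and the blocklist file (one MAC per line, `#` comments allowed) are assumptions for illustration and are not shorewall's blacklist format; the sample input is constructed from the listing quoted above.

```shell
#!/bin/sh
# Added example: flag blocked MACs that still appear in `arp -n` output.

# Constructed sample input: the `arp -n` listing quoted in the post.
sample_arp() {
cat <<'EOF'
Address        HWtype  HWaddress           Flags Mask   Iface
10.10.10.7     ether   00:06:25:12:4A:D8   C            wlan0
10.10.10.27    ether   00:19:7E:C5:02:AB   C            wlan0
67.168.160.1   ether   00:01:5C:23:D7:02   C            eth0
10.10.10.69    ether   00:02:6F:21:DF:5C   C            wlan0
192.168.1.18   ether   00:0C:F1:A8:F7:F3   C            eth1
EOF
}

# wifi_clients IFACE
# Reads `arp -n` output on stdin and prints "MAC IP" for every resolved
# entry on IFACE. The header line and "(incomplete)" entries are skipped.
wifi_clients() {
    awk -v ifc="$1" \
        'NR > 1 && $2 == "ether" && $NF == ifc { print toupper($3), $1 }'
}

# blocked_still_seen IFACE BLOCKLIST_FILE
# Reads `arp -n` output on stdin and prints "MAC IP" for every entry on
# IFACE whose MAC is in BLOCKLIST_FILE (hypothetical format: one MAC per
# line, case-insensitive, '#' starts a comment).
blocked_still_seen() {
    awk -v ifc="$1" -v list="$2" '
        BEGIN {
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line)        # strip comments
                gsub(/[ \t]/, "", line)     # strip whitespace
                if (line != "") blocked[toupper(line)] = 1
            }
        }
        NR > 1 && $2 == "ether" && $NF == ifc && (toupper($3) in blocked) {
            print toupper($3), $1
        }
    '
}

# Demo on the constructed sample: list the clients seen on wlan0.
sample_arp | wifi_clients wlan0
```

On a live gateway the input would be `arp -n | blocked_still_seen wlan0 FILE`; every line printed is a blocked device that is still present in the ARP table on that interface.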