Vaclav Petricek vaclav.petricek at mff.cuni.cz
Sat May 17 05:33:37 PDT 2003


I would like to be able to filter traffic between stations connected to
a single AP. The AP should be used just for Internet access and not for
communication between local stations.

1. I do not want the stations to use the AP as a retranslation point where
   they do not see each other directly
2. I want to limit the traffic generated by Windows broadcasts etc.

I have seen in the wi driver that when the packet is destined for an
associated station, or it is a broad/multi/cast, it gets retransmitted.

My questions are:

1. Is there a way to force these packets to go through ipfw without
patching the kernel? I have seen some sysctls that should control the Ethernet
level filtering but I had no luck making it work on a single wi interface.
A pointer describing the data flow between interface kernel modules,
kernel and firewall modules would be great.
2. In case I do have to make a patch to implement this filtering, what is
the best way to encapsulate it? Some flag to ifconfig that says drop
broadcasts and do not resend packets to associated stations?

Thanks for any hints,


Vaclav Petricek

