MAC locking and filtering in FreeBSD
brett at lariat.net
Wed May 13 19:52:19 UTC 2009
At 01:14 PM 5/13/2009, Stefan Lambrev wrote:
>Not that I understand how "knowing" mac address is easier for
>customers then wpa2 password ;)
Most customers would not recognize a WPA2 password if it bit them.
;-) Also, many older operating systems and Wi-Fi cards do not
support WPA at all. (For example, Windows 2000 doesn't have a WPA
supplicant.) Many game machines, network appliances, and network
accessories (including Wi-Fi to Ethernet bridges) don't either. If
there's any authentication at all, users want it to be through
their Web browsers, because very often they don't know how to
interact with the network through any other program. (In fact, many
refer to their browsers as "The Internet" and don't know what a
browser is.) I know, I know; a lot of folks would say that anyone
with this little knowledge should be kept off of the Internet for
the sake of his or her safety. But if they're a paying customer at
a hotel or coffeehouse there are some venues that just want to
accommodate them. In fact, several hotel chains actually INSIST
that there be no security on the Wi-Fi. They literally distribute
documents mandating this for all of their franchisees.
Shortsighted, I know, but that's the awful state of network security today.
P.S. -- I have looked over that Summer of Code work, and it looks
like it's applicable. The English in the docs should be cleaned up,
but the code looks solid. The tough part would be linking it to
dhcpd so that a rule is added when a lease is issued and removed
when the lease is not renewed.
More information about the freebsd-net