MAC locking and filtering in FreeBSD

Brett Glass brett at lariat.net
Wed May 13 19:52:19 UTC 2009


At 01:14 PM 5/13/2009, Stefan Lambrev wrote:
>Not that I understand how "knowing" mac address is easier for 
>customers than wpa2 password ;)

Most customers would not recognize a WPA2 password if it bit them. 
;-) Also, many older operating systems and Wi-Fi cards do not 
support WPA at all. (For example, Windows 2000 doesn't have a WPA 
supplicant.) Many game machines, network appliances, and network 
accessories (including Wi-Fi to Ethernet bridges) don't either. If 
there's any authentication at all, users want it to be through 
their Web browsers, because very often they don't know how to 
interact with the network through any other program. (In fact, many 
refer to their browsers as "The Internet" and don't know what a 
browser is.) I know, I know; a lot of folks would say that anyone 
with this little knowledge should be kept off of the Internet for 
the sake of his or her safety. But if they're a paying customer at 
a hotel or coffeehouse there are some venues that just want to 
accommodate them. In fact, several hotel chains actually INSIST 
that there be no security on the Wi-Fi. They literally distribute 
documents mandating this for all of their franchisees. 
Shortsighted, I know, but that's the awful state of network security today.

--Brett

P.S. -- I have looked over that Summer of Code work, and it looks 
like it's applicable. The English in the docs should be cleaned up, 
but the code looks solid. The tough part would be linking it to 
dhcpd so that a rule is added when a lease is issued and removed 
when the lease is not renewed.


