Secure Wireless Router using FreeBSD ...

[Nikos Vassiliadis]

Taking this to questions@, since it feels like a more appropriate place
than net at .

On Friday 19 October 2007 08:27:02 Marc G. Fournier wrote:
> Within my Linksys, I can restrict wireless to MAC addresses, as well as
> using stuff like WPA ... quick search on google, and I found:
>
>       
> <http://www.howtoforge.com/setting_up_a_freebsd_wlan_access_point>
>
> Which talks about setting up a WPA based wireless network ... but, some
> way of doing MAC based restrictions as well?  I'm suspecting that I can
> using pf, deny all MAC then allow specific ones ...

No, you can't do MAC address based filtering with pf, I think
other BSDs can tag frames with particular MAC addresses using
if_bridge and then create filtering rules based on tags.

But, it's even easier, you can do it with ifconfig when you
operate as an AP. Search the ifconfig manual for "mac:"

It can be argued that MAC address filtering enhances security.

> What I would like to 
> find, if it exists, is an application that I can run on FreeBSD so that
> there is a "user friendly" interface to this, vs having someone have to
> muddle with flat files and reload rules ...
>
> Now, I just found 'Chillispot' in ports ... has anyone used this?  Is
> there something else that is better that runs under FreeBSD?

Pfsense is FreeBSD based and very user friendly. But it's not something
you run "on" FreeBSD, it's a specialized version of FreeBSD. That said,
you *can* ssh to pfsense and control it almost as it were a FreeBSD box.
Perhaps you should give it a try, there is a live CD version.

HTH

Nikos