Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I have a WLAN network with corporate clients, each with a single IP.
I need to restrict users from viewing each other (one client must NOT see the others).
I've tried some rules, but everyone still sees the others.
I need this because:
1. This will be an open wireless network (with NO auth)
2. When this is an open wireless network, anyone will connect to it and someone may sniff the others and hack them
3. The clients are corporations stuff and private info may be stored on the machines
I use a Linksys WRT54G (this is the wireless AP)... the WRT54G is based on Linux and has iptables v1.2.11, like Linux...
I'm not sure if this can really be accomplished 100%, but a good start is to allow clients access ONLY to the gateway.
The MAC address method is also workable. You use a command like this:
$IPTABLES -A INPUT -i $INSIDE -s 192.168.1.7 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
But unfortunately users can always set their gateway to something else. They won't have access to the internet, but I think they can still browse to network resources.
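
The approach from the reply above (pin each client IP to its MAC and let clients reach only the gateway), written out as an added example that is not part of the original thread. It prints the rules instead of applying them; the interface names br0 and vlan1 and the client table are constructed assumptions.

```shell
#!/bin/sh
# Added example: emits (does not apply) iptables rules that pin each client
# IP to its MAC and let clients talk only to the gateway and the WAN.
IPTABLES="${IPTABLES:-iptables}"
INSIDE="${INSIDE:-br0}"      # assumed LAN/WLAN-side interface
OUTSIDE="${OUTSIDE:-vlan1}"  # assumed WAN-side interface

# Constructed sample table, one "IP MAC" pair per line (last one is malformed).
CLIENTS='192.168.1.7 00:11:22:33:44:55
192.168.1.8 00:11:22:33:44:66
192.168.1.9 not-a-mac'

# Format checks only; octet ranges are not verified.
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules TABLE: print one rule per line. Malformed entries are skipped
# and reported on stderr so a typo never turns into a permissive rule.
gen_rules() {
    echo "$1" | while read -r ip mac; do
        [ -n "$ip" ] || continue
        if ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipped bad entry: $ip $mac" >&2
            continue
        fi
        # Client may reach the router itself only with its own IP+MAC pair.
        echo "$IPTABLES -A INPUT -i $INSIDE -s $ip -m mac --mac-source $mac -j ACCEPT"
        # Client may be routed out to the WAN with the same pair.
        echo "$IPTABLES -A FORWARD -i $INSIDE -o $OUTSIDE -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
    # Return traffic for connections the clients opened.
    echo "$IPTABLES -A FORWARD -i $OUTSIDE -o $INSIDE -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Anything routed from one inside host to another is dropped.
    echo "$IPTABLES -A FORWARD -i $INSIDE -o $INSIDE -j DROP"
    # Unknown IP/MAC pairs get nothing from the router or through it.
    echo "$IPTABLES -A INPUT -i $INSIDE -j DROP"
    echo "$IPTABLES -A FORWARD -i $INSIDE -j DROP"
}

gen_rules "$CLIENTS"
```

These rules only see packets that reach the router's IP stack. Frames passed directly between two wireless clients never traverse the INPUT or FORWARD chains, which is the limitation the reply points at.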