On the default Netgear firmware, there was a master filter list for MAC filtering. Once I entered a description/MAC address, it would work across all four wireless networks (2 normal, 2 guest) networks.
I've got a Nethear R7800 using hnyman's build. I know I can edit the mac filter for each network using:
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'Openwrt'
option network 'lan'
option encryption 'psk2'
option key 'XXXXXXXXXXXXXXXXXXXX'
option wpa_disable_eapol_key_retries '1'
option macfilter 'allow'
list maclist '60: : : : :CF'
list maclist 'B0: : : : :BE'
list maclist 'C4: : : : :E8'
list maclist '24: : : : :05'
list maclist '00: : : : :B3'
It would appear that I need to repeat all of the maclist entries for each of the four wireless networks. I'd prefer a way to edit one list of MAC addresses and have it apply to all wireless networks like the default did. Is this possible? What am I missing?
You might ping @hnyman, since you're using that build.
Also posted on reddit...
Not much help from me, as my build has nothing special related MAC allow/deny handling for wifi.
And I do not remember seeing that kind of global MAC whitelisting feature implemented in OpenWrt.
Seeing as wireless is one of the vectors of attack most abused on routers, I am surprised that OpenWRT lags behind Netgear is having a more efficient way to handle this across multiple wireless/guest networks. It's easy enough to cut/paste the same list four times in the config file, and then use #comments to denote the device name (which is very helpful). I was just hoping there was some kind of additional package that would sort this out. Thank you for the replies and for the firmware package!
MAC filters aren't a security measure at all, it doesn't even make sense to think about them. Pick a good wireless password and don't get it leak to unwanted devices (and/ or change it when needed).
You are 100% correct. I recently upgraded a router I've used since 2013, and back then I thought having a MAC filter would help a little. I was trying to migrate my old ways over. I revisited the entire idea earlier, and I now realize it's useless against even novices with tools that are now fairly mainstream. I'll do away with the MAC filter for additional security.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.