I have a routed access point running on a raspberry pi and would like to filter the traffic going between devices using something similar to iptables for traffic such as:
Desktop.wlan > phone.wlan
I know that you can't use iptables as this deals with layer 3 filtering. I tried using nftables with its ingress filtering but I still cannot filter the communication. But I did notice something change when using a rule such as this
nft add chain netdev filter input { type filter hook ingress device wlan0 priority -500 \; policy accept \; }
nft add rule netdev filter input ether saddr DESKTOP=MAC-ADDR counter drop
This caused the tracert from desktop to 10.0.0.10 (phone.wlan) to change from
Tracing route to phone.wlan over a maximum of 30 hops
To
Tracing route to 10.0.0.10 over a maximum of 30 hops
I don't know if this means anything is happening but this only occurs when I have that rule in place.
But unfortunately, the two can still communicate with this rule in place. I don't want to use ap_isolate=1 as I want my clients to still be able to talk to one another, but I wish to be able to filter it.
Does anyone know if there is a way to filter my network? Let me know if more information is needed.
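An added example, not part of the original post, showing one arrangement in which station-to-station frames actually pass a netfilter hook. In Linux mac80211 AP mode, a unicast frame from one associated station to another is retransmitted by mac80211 itself and never reaches the netdev ingress hook unless hostapd's ap_isolate=1 is set; that is the likely reason the ingress rule above only affected traffic addressed to the Pi (the reverse DNS lookup that turned phone.wlan into 10.0.0.10) and not desktop-to-phone traffic. The ruleset below assumes wlan0 is a port of a bridge br0, that ap_isolate=1 is set so mac80211 hands station frames to the kernel, and that hairpin mode is enabled on the port (`bridge link set dev wlan0 hairpin on`) so the bridge can forward a frame back out the interface it arrived on. Clients then still reach each other through the bridge, and a bridge-family forward hook sees every frame. The MAC addresses are placeholders.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post). Assumptions, labelled:
#  - hostapd runs on wlan0 with ap_isolate=1, so mac80211 no longer bridges
#    station-to-station unicast frames itself and delivers them to the kernel
#  - wlan0 is a port of bridge br0 with hairpin enabled:
#      bridge link set dev wlan0 hairpin on
#    so the bridge may forward a frame back out the port it came in on
#  - 00:11:22:33:44:55 (desktop.wlan) and 66:77:88:99:aa:bb (phone.wlan)
#    are placeholder MAC addresses

flush table bridge filter

table bridge filter {
    chain forward {
        # bridge-family forward hook: sees every frame br0 forwards,
        # including wlan0 -> wlan0 hairpin traffic between two stations
        type filter hook forward priority 0; policy accept;

        # drop desktop -> phone at layer 2; everything else is still forwarded
        ether saddr 00:11:22:33:44:55 ether daddr 66:77:88:99:aa:bb counter drop

        # the reverse direction, so the block is symmetric
        ether saddr 66:77:88:99:aa:bb ether daddr 00:11:22:33:44:55 counter drop
    }
}
```

Load it with `nft -f` and confirm the rules are actually matching with `nft list table bridge filter`: the `counter` on each rule should increment while the desktop pings or traceroutes the phone. If the counters stay at zero, the frames are still being bridged inside mac80211 (ap_isolate not in effect) or the bridge is not hairpinning the port, and the hook never sees them.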