I am using the WiFi hotspot feature of Ubuntu 18.04 to create a hotspot for
my devices. I need to prevent different devices on the network from
contacting each other.

More specifically, I have two phones on the network, and I would like them
not to be able to send any packets to each other. Right now if phone 1
is using IP address and phone 2 is using, I can
use phone 1 to ping

I would like to disable connections between different hosts on the
network created by the hotspot. I tried a number of things, including
using iptables to drop local traffic. However, it seems like
iptables doesn’t have any effect on local packets. I’m wondering if local
packets are forwarded directly without going through the kernel’s network
stack. I do see local packets in Wireshark though.

Under the hood the hotspot uses wpa_supplicant to set up the WiFi access
point. So I tried to enable client isolation (ap_isolate), so that
devices on the hotspot network cannot send packets to each other. So
once the hotspot is set up, I do the following:

$ sudo wpa_cli -i wlan0
#set ap_isolate 1
#get ap_isolate

So I see that AP isolate is enabled. However, I can still send packets
from one device to another on the hotspot network. Why is that? Am I
missing something? Is there a way to have isolation on the WiFi hotspot?

