I think it would be great to made a PPPoE traffic filter for example if you enable it, any other traffic than pppoe sesions and discovery wouldn't be forwarded (no ip no arp ;)). In MikroTik its possible via bridge filters, it's the last feature in AirOS that I am waiting for. I use PPPoE in my network and those filters would be great.

Thanks alot, sorry for my english :P

---
Marek Wajdzik
http://www.wilan.pl/ - Regional polish WISP.

Would be great.

For now I have to:

1. Download config.
2. Add


ebtables.6.cmd=-P FORWARD DROP
ebtables.6.status=enabled
ebtables.5.cmd=-A FORWARD -p 0x8864 -j ACCEPT
ebtables.5.status=enabled
ebtables.4.cmd=-A FORWARD -p 0x8863 -j ACCEPT
ebtables.4.status=enabled


3. Upload config.

Thank you kleku!
I'll try your config. We filter the traffic in the AP, but additionally applying your solution in the STAs will decrease the unwanted traffic on the wireless section as well.

It would be great to add this option to the PPPoE configuration panel.

dear kleku,
this is good, but how I can drop a pppoe-discovery only the out from wlan to the destination MAC FF:FF:FF:FF:FF:FF, I want only the in pppoe-discovery to the wlan, to make no one (hacker) can receive any username and passwords, like we can don it in the Mikrotik routerboard.

Use the rules in the following link, they will stop broadcasts being sent to an end user and therefore a rogue PPPoE server can never hear a request.

You may also want to look into using one of the bridging isolation tools to prevent chat between end user CPEs.

http://ubnt.com/forum/showthread.php?p=138628#post138628

Hi,
thank you oeyre
i'm using this rule but it not work i don't know why:

ebtables.4.cmd=-A FORWARD -p 0x8863 -d ff:ff:ff:ff:ff:ff -o ath0 -j DROP
ebtables.4.status=enabled

Sorry for the stupid question, but where is config file with ssh ?

Can someone post how to modify it and how to make changes persistents?

Thanks

Tom