Other Selective client traffic filtering over Bridged Access Point

Hello;
I have been struggling to filter internal wireless access point client traffic and am wondering if it is possible on FreeBSD.

I have bridged my wireless card and one Ethernet interface together and am using dnsmasq to distribute the same network over the bridge. The wireless card is set in hostap mode. My issue is that I am able to control traffic between clients when they are only over LAN or between LAN and wireless AP connected clients, but I am unable to control traffic between two wireless AP clients. Setting the 'apbridge' flag on the wireless interface does trigger the isolation between wireless clients, but I am then unable to allow certain wireless clients to reach other wireless clients by setting rules on the bridge interface. I have also set the bridge.pfil_member system flag to 0 and the bridge.pfil_bridge flag to 1 and still have the same issue.
My aim is to have the wireless clients either isolated from each other or able to access each other by default, yet to be able to stop or allow certain clients from seeing each other using firewall rules. Is this possible, and if so, how would I go about achieving this?

Any help is greatly appreciated.
 