I did google alot on this but cant find any really usefull info.
I have setup a wlan with hostapd and dhcp (wpa) and its working really good. Now i have to add a new device/client to the wlan, and i want this device to not be able to see/ping/nmap/connect/whatever to the other devices inside the wlan. This device should however have access to the internet and needs to be ssh-able.
I noticed that iptables are kind of useless in this setup cause the client-to-client communication is not routed through the hostapd device.
I found the option 'ap_isolate=1' in the hostapd.conf but that does not seem to make any difference when turning that on/off and i also could not find any kind of documentation of that functionality.
So my last options seem to be to either hook the new device directly up to the router via ethernet and use iptables then (which i really dont want to do), or arpspoof my own device to route the traffic through the router (which i also dont want to do).
There must be a "normal" way of doing that, or not?
Hopefully anyone can point me in the right direction.
