Originally posted by **seancmalloy** July 23, 2023
Is there anyone out there who would help me add a simple feature to this add-on? I need to drop traffic from certain MAC addresses. This feature is required for localtuya so Tuya devices don't have internet access.
Here's what I've got so far, still testing.
dockerfile -
```
apk add --no-cache bash jq iw hostapd networkmanager networkmanager-cli net-tools sudo dnsmasq iptables ipset && \
COPY jail.txt /
```
config.json -
```
options
"deny_mac_internet": [],
schema
"deny_mac_internet": ["str"],
```
run.sh -
```
JAIL=/jail.txt
DENY_MAC_INTERNET=$(jq --raw-output '.deny_mac_internet | join(" ")' $JAIL)
if [ ${#DENY_MAC_INTERNET} -ge 1 ]; then
echo "$deny_mac_internet"$'\n' >> /jail.txt
ipset create JAIL hash:mac
ipset add JAIL -f /jail.txt
iptables-nft -A FORWARD -i $INTERFACE -m set --match-set JAIL -o eth0 -j DROP
fi
```
Any help is appreciated.
Update - it seems that support for ipset set types is not in the kernel.
Plan B
```
if [ ${#DENY_MAC_INTERNET} -ge 1 ]; then
MACDENIED=($DENY_MAC_INTERNET)
for maclist in "${MACDENIED[@]}"; do
echo "$maclist"$'\n' >> /jail.txt
iptables-nft -A FORWARD -i $INTERFACE -m mac ! --mac-source $maclist -o eth0 -j DROP
done
fi
```
Update - I included nano in the add-on and confirmed that it's not writing MAC addresses to the file. Why? Anyone have any ideas?
Update - so I gave up on trying to do it like this, and just added an sh file with iptables rules that runs if the new option is selected in the config. It prevents Tuya devices from accessing the internet so I can just use localtuya. If anyone is interested...
dockerfile -
```
COPY jail.sh /
RUN chmod a+x /jail.sh
```
jail.sh -
```
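# "!" negates the match: this drops forwarded wlan1 -> eth0 traffic from every source MAC except the one listed
iptables-nft -A FORWARD -i wlan1 -m mac ! --mac-source xx:xx:xx:xx:xx -o eth0 -j DROP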
```
config -
```
"options": {
"deny_mac_internet": "0",
"schema": {
"deny_mac_internet": "int",
```
run.sh -
```
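# Read the on/off flag from the add-on options
DENY_MAC_INTERNET=$(jq --raw-output ".deny_mac_internet" "$CONFIG_PATH")
# Quoted so an empty value does not break the test
if [ "$DENY_MAC_INTERNET" -eq 1 ]; then
    sh /jail.sh
    sleep 5
fi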
```
Discussed in https://github.com/mattlongman/Hassio-Access-Point/discussions/52
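
An added example (not part of the original post or the add-on's own code): a shell version of the per-MAC approach from plan B that validates each entry before it reaches a rule and leaves out the `!`, since `! --mac-source` negates the match. The `wlan1`/`eth0` defaults come from the post; the function names and sample MACs are constructed for illustration.

```shell
#!/bin/sh
# Emit one DROP rule per denied MAC, skipping malformed entries.
# Interface defaults are taken from the post; override via the environment.
WLAN_IF="${WLAN_IF:-wlan1}"
WAN_IF="${WAN_IF:-eth0}"

# Succeeds only for six colon-separated hex octets, e.g. aa:bb:cc:dd:ee:ff.
is_valid_mac() {
    case $1 in
        # Any character outside hex digits and ":" (newline, space, ";", "$")
        # is rejected before the value can end up inside a command line.
        *[!0-9A-Fa-f:]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the iptables-nft commands for the MACs given as arguments.
# No "!" before --mac-source, so only the listed clients are dropped.
build_deny_rules() {
    for mac in "$@"; do
        if is_valid_mac "$mac"; then
            mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
            printf 'iptables-nft -A FORWARD -i %s -o %s -m mac --mac-source %s -j DROP\n' \
                "$WLAN_IF" "$WAN_IF" "$mac"
        else
            printf 'skipping invalid MAC: %s\n' "$mac" >&2
        fi
    done
}

# In run.sh the list would come from the add-on options (assumed wiring):
#   build_deny_rules $(jq -r '.deny_mac_internet[]' "$CONFIG_PATH") | sh
# Constructed sample input, not real devices; the second entry is skipped.
build_deny_rules "AA:BB:CC:00:11:22" "xx:xx:xx:xx:xx" "de:ad:be:ef:00:01"
```

The function prints the commands instead of running them, so the output can be reviewed before it is piped to `sh` as root.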