I am using WiFi hotspot feature of Ubuntu 18.04 to create a hotspot for my devices. I need to prevent different devices on the network from contacting each other.
More specifically, I have two phones on the network, I would like them not to be able to send any packets to each other. Right now if phone 1 is using IP address 10.42.0.172 and phone 2 is using 10.42.0.59, I can use phone 1 to ping 10.42.0.59.
I would like to disable connections between different hosts on the network created by the hotspot. I tried a number of things, including using iptables to drop local traffic. However, it seems like iptables doesn't have any effect on local packets. I'm wondering if local packets are forwarded directly without going through the kernel's network stack. I do see local packets in Wireshark, though.
Under the hood the hotspot uses wpa_supplicant to set up the WiFi access point. So I tried to enable client isolation (ap_isolate), so that devices on the hotspot network cannot send packets to each other. Once the hotspot is set up, I do the following:
    $ sudo wpa_cli -i wlan0
    > set ap_isolate 1
    OK
    > get ap_isolate
    1
So I see that AP isolation is enabled. However, I can still send packets from one device to another on the hotspot network. Why is that? Am I missing something? Is there a way to have isolation on the WiFi hotspot?