It would be great when the CLI would have a possibility to create a black-/whitelisting of MAC-Addresses.
The necessary config-parts of hostapd would be:
```
# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=atheros.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
```
and
```
# Accept/deny lists are read from separate files (containing list of
# MAC addresses, one per line). Use absolute path name to make sure that the
# files can be read on SIGHUP configuration reloads.
#accept_mac_file=/etc/hostapd.accept
#deny_mac_file=/etc/hostapd.deny
```
example content of hostapd.accept
```
# List of MAC addresses that are allowed to authenticate (IEEE 802.11)
# with the AP. Optional VLAN ID can be assigned for clients based on the
# MAC address if dynamic VLANs (hostapd.conf dynamic_vlan option) are used.
00:11:22:33:44:55
00:66:77:88:99:aa
00:00:22:33:44:55 1
```
example content of hostapd.deny
```
# List of MAC addresses that are not allowed to authenticate (IEEE 802.11)
# with the AP.
00:11:22:33:44:55
00:66:77:88:99:aa
```