Author Topic: Filtering by MAC address (Read 3395 times)

datenimperator · « **on:** March 21, 2017, 07:47:31 am »

It'd be great if I could use MAC addresses in alias lists, e.g. for filter rules by source. Usecase: Restrict access for certain devices on the network, no matter what IP address they use.

I understand that there is a way using the captive portal to achieve something similar but it feels rather complicated. One could also use static DHCP assignments although this would be trivial to circumvent. As I understand, FreeBSDs ipfw is capable of filtering by MAC address [1] although I'm not sure how opnsense builds on ipfw (or pf). Also I see that spoofing of MAC addresses is possible, although it's probably a little harder than just requesting/configuring another IP address.

Any thoughts on this? Regards,

Christian

[1] https://www.freebsd.org/cgi/man.cgi?ipfw(8)

djGrrr · « **Reply #1 on:** March 21, 2017, 03:33:41 pm »

Spoofing a mac address if often just as trivial as changing an ip address, so it would likely not be of much benefit.

Also, OPNsense uses PF for filtering, IPFW I believe is only used for things like the traffic shaper.

fabian · « **Reply #2 on:** March 21, 2017, 05:05:40 pm »

Quote from: djGrrr on March 21, 2017, 03:33:41 pm

Also, OPNsense uses PF for filtering, IPFW I believe is only used for things like the traffic shaper.

+ Captive Portal

Author Topic: Filtering by MAC address (Read 3395 times)

datenimperator

Filtering by MAC address

djGrrr

Re: Filtering by MAC address

fabian

Re: Filtering by MAC address