I thought it would be pretty straightforward to do, but I can't seem to find out how to block a specific device from connecting to my network. I'd presume I'd simply block the MAC address, but can't find any easy way to accomplish this from the GUI.
Add a firewall rule for the (probably?) LAN interface.
That won't keep the device from communicating with other devices on your LAN. Traffic within the same network does not pass through your firewall. That needs to be done on your switch or your access point if it's WiFi.
DHCP assign no IP to this MAC, with Static mappings and check "Enable static ARP entries", as close as you can get.
Didn't check recently, but if a specific MAC has a reserved IP on ONE interface, this specific MAC will receive an IP on all other interfaces of the sense (it'S the way it was in the past, since pfsense times)
Your (cabled) LAN should be trusted. If you simply block a MAC a bad actor can:
* spoof a new MAC address
* Set a static IP in the DHCP range
So, the requested feature is somewhat pointless and only block uninformed people.