Hi Community,
I've been trying to enable this filtering mechanism (I know there are different ways to do this, but chose to use this approach) and the UI prevents me from using a specific MAC filtering pattern that I know ISC DHCP supports (I dropped to CLI to determine OPNSense is using ISC DHCP) which is the following:
A2,B2,C2,D2,E2,F2,12,22,32,42,52,62,72,82,92,02,A6,B6,C6,D6,E6,F6,16,26,36,46,56,66,76,86,96,06,AA,BA,CA,DA,EA,FA,1A,2A,3A,4A,5A,6A,7A,8A,9A,0A,AE,BE,CE,DE,EE,FE,1E,2E,3E,4E,5E,6E,7E,8E,9E,0E
I use a similar pattern on my UniFi USG at work to block random MACs and I can manually add this to /var/dhcpd/dhcpd.conf but the UI prevents this pattern. An example I've used in the past for ISC DHCP can be found in this github page:
https://gist.github.com/patrickdk77/bbcdcb5e5cee2b7fe9eba52224ba7751
The pattern I tried from was a Netgate forum on the same subject matter (which is where the string above comes from):
https://forum.netgate.com/topic/162075/how-to-block-randomized-mac-addresses/15
However, any manual edits I make to the raw configuration file will most likely be lost with upgrades or reboots or any DHCP changes.
Is there a way I can accomplish this with OPNSense?
I was able to resolve this by placing the configuration referenced above (github) as a local file (randommac.conf) in /usr/local/etc/dhcpd.opnsense.d which results in the outcome I'm looking for.