It'd be great if I could use MAC addresses in alias lists, e.g. for filter rules by source. Use case: Restrict access for certain devices on the network, no matter what IP address they use.
I understand that there is a way using the captive portal to achieve something similar, but it feels rather complicated. One could also use static DHCP assignments, although this would be trivial to circumvent. As I understand, FreeBSD's ipfw is capable of filtering by MAC address [1], although I'm not sure how OPNsense builds on ipfw (or pf). Also, I see that spoofing of MAC addresses is possible, although it's probably a little harder than just requesting/configuring another IP address.
Any thoughts on this? Regards,
Christian
[1] https://www.freebsd.org/cgi/man.cgi?ipfw(8)
Spoofing a MAC address is often just as trivial as changing an IP address, so it would likely not be of much benefit.
Also, OPNsense uses PF for filtering, IPFW I believe is only used for things like the traffic shaper.
Quote from: djGrrr on March 21, 2017, 03:33:41 PM
Also, OPNsense uses PF for filtering, IPFW I believe is only used for things like the traffic shaper.
+ Captive Portal