OPNsense Forum

English Forums => General Discussion => Topic started by: kmanos on November 16, 2022, 05:10:24 pm

Title: How to block a device from the network
Post by: kmanos on November 16, 2022, 05:10:24 pm

I thought it would be pretty straightforward to do, but I can't seem to find out how to block a specific device  from connecting to my network. I'd presume I'd simply block the MAC address, but can't find any easy way to accomplish this from the GUI.

Title: Re: How to block a device from the network
Post by: Patrick M. Hausen on November 16, 2022, 05:14:15 pm

Add a firewall rule for the (probably?) LAN interface.

That won't keep the device from communicating with other devices on your LAN. Traffic within the same network does not pass through your firewall. That needs to be done on your switch or your access point if it's WiFi.

Title: Re: How to block a device from the network
Post by: chemlud on November 16, 2022, 05:56:17 pm

DHCP assign no IP to this MAC, with Static mappings and check "Enable static ARP entries", as close as you can get.

Didn't check recently, but if a specific MAC has a reserved IP on ONE interface, this specific MAC will receive an IP on all other interfaces of the sense (it'S the way it was in the past, since pfsense times)

Title: Re: How to block a device from the network
Post by: EdwinKM on November 28, 2022, 11:01:14 am

Your (cabled) LAN should be trusted. If you simply block a MAC a bad actor can:
  * spoof a new MAC address
  * Set a static IP in the DHCP range

So, the requested feature is somewhat pointless and only block uninformed people.