OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: datenimperator on March 21, 2017, 07:47:31 am

Title: Filtering by MAC address
Post by: datenimperator on March 21, 2017, 07:47:31 am
It'd be great if I could use MAC addresses in alias lists, e.g. for filter rules by source. Use case: Restrict access for certain devices on the network, no matter what IP address they use.

I understand that there is a way using the captive portal to achieve something similar, but it feels rather complicated. One could also use static DHCP assignments, although this would be trivial to circumvent. As I understand, FreeBSD's ipfw is capable of filtering by MAC address [1], although I'm not sure how OPNsense builds on ipfw (or pf). Also, I see that spoofing of MAC addresses is possible, although it's probably a little harder than just requesting/configuring another IP address.

Any thoughts on this? Regards,

Christian

[1] https://www.freebsd.org/cgi/man.cgi?ipfw(8)

Title: Re: Filtering by MAC address
Post by: djGrrr on March 21, 2017, 03:33:41 pm
Spoofing a MAC address is often just as trivial as changing an IP address, so it would likely not be of much benefit.

Also, OPNsense uses PF for filtering; IPFW, I believe, is only used for things like the traffic shaper.

Title: Re: Filtering by MAC address
Post by: fabian on March 21, 2017, 05:05:40 pm
Also, OPNsense uses PF for filtering; IPFW, I believe, is only used for things like the traffic shaper.
+ Captive Portal