Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
How to block a device from the network
« previous
next »
Print
Pages: [
1
]
Author
Topic: How to block a device from the network (Read 1945 times)
kmanos
Newbie
Posts: 1
Karma: 0
How to block a device from the network
«
on:
November 16, 2022, 05:10:24 pm »
I thought it would be pretty straightforward to do, but I can't seem to find out how to block a specific device from connecting to my network. I'd presume I'd simply block the MAC address, but can't find any easy way to accomplish this from the GUI.
Logged
Patrick M. Hausen
Hero Member
Posts: 6807
Karma: 572
Re: How to block a device from the network
«
Reply #1 on:
November 16, 2022, 05:14:15 pm »
Add a firewall rule for the (probably?) LAN interface.
That won't keep the device from communicating with other devices on your LAN. Traffic within the same network does not pass through your firewall. That needs to be done on your switch or your access point if it's WiFi.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: How to block a device from the network
«
Reply #2 on:
November 16, 2022, 05:56:17 pm »
DHCP assign no IP to this MAC, with Static mappings and check "Enable static ARP entries", as close as you can get.
Didn't check recently, but if a specific MAC has a reserved IP on ONE interface, this specific MAC will receive an IP on all other interfaces of the sense (it'S the way it was in the past, since pfsense times)
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
EdwinKM
Full Member
Posts: 155
Karma: 5
Re: How to block a device from the network
«
Reply #3 on:
November 28, 2022, 11:01:14 am »
Your (cabled) LAN should be trusted. If you simply block a MAC a bad actor can:
* spoof a new MAC address
* Set a static IP in the DHCP range
So, the requested feature is somewhat pointless and only block uninformed people.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
How to block a device from the network