How to block the traffic that my client using hotspot

Started by jiaodong, Today at 02:32:21 AM

How to use OPNsense to block the traffic that my internet client using hotspot that other unauthorized device to access my network indirectly? Thanks!

I do not understand the question, because it can be read two ways:

1. It is a specific client you know which you want to block. In that case, create a floating block rule for the client's MAC in order to block it also if it uses IPv6 privacy extensions, where you cannot block based on IP.

2. You want to block any unknown client - in that case, you would have to create a list of all known MACs of any "authorized" client and allow only those.

That being said, you have to know that any client can and sometimes, for privacy reasons, will, use random MACs - some Android and iPhone smartphones do it by default. You can also fake MACs of existing "authorized" devices. Thus, any kind of MAC-based authorization scheme comes to a natural limit.

If the devices are connected via a hotspot, you can protect the network by using a strong WiFi password in the first place. Some hotspots also allow whitelists for MACs, BTW.

The only "secure" way of protecting your internal network for cabled connections is 802.1x with client certificates - but not all devices can do that and you need 802.1x-capable switches and an LDAP database (like FreeRADIUS).
 
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
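
Added example, not part of the thread and not OPNsense code: a small audit of observed MAC addresses against an allowlist, showing the two limits of MAC-based authorization mentioned in the reply. It flags unknown MACs with the locally administered bit set (typical for randomized addresses) and allowlisted MACs that appear on more than one IP. The allowlist and lease rows are constructed sample data.

```python
import re

# Constructed allowlist of known device MACs (assumption, not from the thread).
ALLOWED = {"3c:52:82:11:22:33", "00:1b:21:aa:bb:cc"}

# Constructed (mac, ip, hostname) observations, e.g. copied from a DHCP lease table.
LEASES = [
    ("3C-52-82-11-22-33", "192.168.1.10", "desktop"),
    ("00:1b:21:aa:bb:cc", "192.168.1.11", "nas"),
    ("da:a1:19:5e:01:02", "192.168.1.57", "iPhone"),
    ("00:1b:21:aa:bb:cc", "192.168.1.90", "unknown-host"),
    ("f4:f5:d8:01:02:03", "192.168.1.91", "tv-stick"),
]

def normalize(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(leases, allowed):
    """Classify each lease and flag allowlisted MACs seen on more than one IP."""
    allowed = {normalize(m) for m in allowed}
    ips_per_mac = {}
    for mac, ip, _ in leases:
        ips_per_mac.setdefault(normalize(mac), set()).add(ip)
    report = []
    for mac, ip, host in leases:
        mac = normalize(mac)
        if mac in allowed:
            # Several IPs for one allowlisted MAC is a hint to review, not proof of cloning.
            verdict = "allowed-duplicate" if len(ips_per_mac[mac]) > 1 else "allowed"
        elif is_locally_administered(mac):
            verdict = "unknown-randomized"
        else:
            verdict = "unknown"
        report.append((mac, ip, host, verdict))
    return report

if __name__ == "__main__":
    for row in audit(LEASES, ALLOWED):
        print("%-18s %-14s %-13s %s" % row)
```

A cloned MAC that is only used while the original device is offline shows up as plain `allowed` here, so the audit cannot detect that case.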