OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • How to block a device from the network
« previous next »
  • Print
Pages: [1]

Author Topic: How to block a device from the network  (Read 1947 times)

kmanos

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
How to block a device from the network
« on: November 16, 2022, 05:10:24 pm »
I thought it would be pretty straightforward to do, but I can't seem to find out how to block a specific device  from connecting to my network. I'd presume I'd simply block the MAC address, but can't find any easy way to accomplish this from the GUI.
Logged

Patrick M. Hausen

  • Hero Member
  • *****
  • Posts: 6807
  • Karma: 572
    • View Profile
Re: How to block a device from the network
« Reply #1 on: November 16, 2022, 05:14:15 pm »
Add a firewall rule for the (probably?) LAN interface.

That won't keep the device from communicating with other devices on your LAN. Traffic within the same network does not pass through your firewall. That needs to be done on your switch or your access point if it's WiFi.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

chemlud

  • Hero Member
  • *****
  • Posts: 2485
  • Karma: 112
    • View Profile
Re: How to block a device from the network
« Reply #2 on: November 16, 2022, 05:56:17 pm »
DHCP assign no IP to this MAC, with Static mappings and check "Enable static ARP entries", as close as you can get.

Didn't check recently, but if a specific MAC has a reserved IP on ONE interface, this specific MAC will receive an IP on all other interfaces of the sense (it'S the way it was in the past, since pfsense times)
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....

EdwinKM

  • Full Member
  • ***
  • Posts: 155
  • Karma: 5
    • View Profile
Re: How to block a device from the network
« Reply #3 on: November 28, 2022, 11:01:14 am »
Your (cabled) LAN should be trusted. If you simply block a MAC a bad actor can:
  * spoof a new MAC address
  * Set a static IP in the DHCP range

So, the requested feature is somewhat pointless and only block uninformed people.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • How to block a device from the network
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2