Topic: Replacement for MAC based firewall rules (Read 1521 times)
chbaer (Newbie, Posts: 5, Karma: 0) on June 09, 2020, 08:23:37 am:
Hey folks,
I'm about to make a transition from a UniFi USG Pro to OPNsense at the moment.
I've got a feature that I use in the USG that is not possible with OPNsense, and I want to hear how you solve this issue.
My network consists of several VLANs. In the USG I can create an alias (called "group" there) where I can put MACs in and use them in the firewall rules.
In my specific case I've got a group "admin_devices" where I put all the MACs of the interfaces that my MacBook, iPhone and iPad use. I've got a firewall rule that enables access to all networks for this group, no matter which VLAN they are in and which IP they've got from DHCP.
As pf can't do rules by MAC, what's your way to accomplish this? The only thing I can think of is to add static mappings for all interfaces of all devices in all networks and put these IPs in an alias. But that's somehow inelegant.
Best regards
Chris
mimugmail (Hero Member, Posts: 6765, Karma: 494), Reply #1 on June 09, 2020, 08:27:11 am:
There is currently no other way, sorry.
fabian (Hero Member, Posts: 2769, Karma: 200, OPNsense Contributor (Language, VPN, Proxy, etc.)), Reply #2 on June 09, 2020, 01:31:42 pm:
You can use a static DHCP lease as a workaround. In general it would work with aliases which are dynamically filled.
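The workaround discussed in this thread (a static DHCP mapping for every admin device in every VLAN, with the resulting IPs collected in an alias) can be planned with a short script. This is an added example, not part of any post above and not OPNsense code; the MAC addresses, VLAN names, subnets and the starting host offset are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread): MACs are from the
# locally administered range, VLAN names and subnets are placeholders.
ADMIN_DEVICES = {
    "macbook-wifi": "02:00:00:00:00:01",
    "iphone": "02:00:00:00:00:02",
    "ipad": "02:00:00:00:00:03",
}
VLANS = {
    "lan": "192.168.10.0/24",
    "iot": "192.168.20.0/24",
    "guest": "192.168.30.0/24",
}


def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def plan_static_mappings(devices, vlans, first_host=10):
    """One (vlan, mac, ip, name) row per device per VLAN; first_host is an
    assumed offset that lies outside each VLAN's dynamic DHCP pool."""
    macs = {name: normalize_mac(mac) for name, mac in devices.items()}
    if len(set(macs.values())) != len(macs):
        raise ValueError("duplicate MAC in device list")
    rows = []
    for vlan, cidr in vlans.items():
        net = ipaddress.ip_network(cidr)
        for offset, (name, mac) in enumerate(sorted(macs.items()), start=first_host):
            if offset >= net.num_addresses - 1:  # would hit broadcast or leave the subnet
                raise ValueError(f"{cidr} has no room for {name}")
            rows.append((vlan, mac, str(net.network_address + offset), name))
    return rows


def alias_hosts(rows):
    """Addresses to enter in the firewall host alias (here named admin_devices)."""
    return sorted({ip for _, _, ip, _ in rows}, key=ipaddress.ip_address)


if __name__ == "__main__":
    plan = plan_static_mappings(ADMIN_DEVICES, VLANS)
    for vlan, mac, ip, name in plan:
        print(f"{vlan:6} {mac}  {ip:15} {name}")
    print("alias admin_devices:", ", ".join(alias_hosts(plan)))
```

Each row is meant to be entered as a DHCP static mapping on the matching interface, and the address list as the content of the host alias used in the allow rule.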