Replacement for MAC based firewall rules

Started by chbaer, June 09, 2020, 08:23:37 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
June 09, 2020, 08:23:37 AM
Hey folks,

I'm about to make a transission from a UniFi USG Pro to OPNsense at the moment.

I've got a feature that I use in the USG that is not possible with OPNsense and I want to hear, how you solve this issue.

My network consists of several VLANs. In the USG I can create an alias (called "group" there) where I can put MACs in and use them in the firewall rules.

In my specific case I've got a group "admin_devices" where I put all the MACs of the Interfaces that my MacBook, iPhone and iPad use. I've got a firewall rule that enables access to all networks for this group, either in which VLAN they are and which IP they've got form DHCP.

As pf can't do rules by MAC, what's your way to accomplish this? The only thing I can think of is to add static mappings for all interfaces of all devices in all networks and put these IPs in an alias. But that's somehow unelegant.

Best regards
Chris
June 09, 2020, 08:27:11 AM #1
There is currently no other way, sorry.
June 09, 2020, 01:31:42 PM #2
You can use a static DHCP lease as a workaround. In general it would work with aliases which are dynamically filled.
Print
Go Up Pages1
User actions