Access restriction using mac address

meazz1 · Jul 1, 2010, 12:59 PM

I am trying to block a pc in my LAN using mac address.The rules need to contain so that I can allow the pc to access internet
for certain hours of the day and specific days of the week.
Only thing I find is to block by IP address.
Can someone point me to the right direction?
I am using pfsense 1.2.3 on a Alix board using CF module.

jimp · Jul 1, 2010, 8:53 PM

You cannot filter based on MAC address in that way.

You could setup captive portal and restrict the LAN with a username/password login, or you could use static ARP in the DHCP settings so that only certain PCs can get out.

Anyone can spoof a MAC address though, so it's not exactly an effective means of security unless you also have switches that can restrict a specific MAC to a specific port.

meazz1 · Jul 2, 2010, 3:43 AM

@jimp:

You cannot filter based on MAC address in that way.

You could setup captive portal and restrict the LAN with a username/password login, or you could use static ARP in the DHCP settings so that only certain PCs can get out.

Anyone can spoof a MAC address though, so it's not exactly an effective means of security unless you also have switches that can restrict a specific MAC to a specific port.

good advice. I will look into the ARP option.