Netgate Discussion Forum

    Banning a MAC

    • hadi57

      Hi,

      1. How can I ban a MAC address from entering the network, while keeping DHCP available without adding any MACs?

      2. Is it possible to use the MAC instead of the IP in the penalty line when configuring traffic shaping?

      Thanks

      hadi57

      • hoba

        pf can't do MAC filtering. Try to assign this MAC a nonsense IP by static DHCP mapping. This of course would not work if the user assigns himself a static IP.

        • hadi57

          Hi

          Thanks for the reply. You're right, because it would be hard to deal with the situation if the client issues himself a static IP; therefore I was thinking of MAC filtering. I hope this feature will be available somehow later on.

          Thanks again

          hadi57

          • rsubr

            You could try adding a static ARP entry for the MAC address you want to filter out. Just set the IP address to something that does not exist in your network (127.0.0.2 perhaps?).

            Doing this would completely block the user out of pfSense, so traffic shaping etc. will not be possible.

            OpenBSD has brconfig(8), with which you can tag Ethernet frames. See the bottom of this web page: http://www.openbsd.org/faq/pf/tagging.html. FreeBSD/pfSense does not yet have this feature.

            • martin.beauchamp

              I would keep in mind that it is fairly easy to spoof a MAC address.  You may want to use another method of restricting this machine/person.  (Physical security, better wireless password, etc.)

              • hadi57

                Hi

                You are right about spoofing, but how many clients know this? My clients aren't aware of networking. Physical security with wireless, how? MAC filtering is a good option for the time being.

                hadi57
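
Added example, not part of any post in this thread: the static DHCP mapping workaround stops working once the client gives himself a static IP, so this sketch checks an ARP table for a banned MAC that shows up on any address other than its dead-end one. The sample lines are constructed in the style of FreeBSD `arp -an` output, and the MACs, IPs, interface name and the `BANNED` policy table are assumptions for illustration.

```python
import re

# Constructed sample in the style of FreeBSD `arp -an` output (not captured data).
SAMPLE_ARP = """\
? (192.168.1.1) at 00:0d:b9:aa:bb:01 on em1 permanent [ethernet]
? (192.168.1.250) at 00:16:3e:12:34:56 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.57) at 0:16:3e:12:34:56 on em1 expires in 64 seconds [ethernet]
? (192.168.1.60) at (incomplete) on em1 expired [ethernet]
? (192.168.1.23) at 00:1c:42:9f:00:10 on em1 expires in 900 seconds [ethernet]
"""

# Assumed policy: banned MAC -> dead-end IP handed out by its static DHCP mapping.
BANNED = {"00:16:3E:12:34:56": "192.168.1.250"}

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9A-Fa-f:]+) on (?P<ifc>\S+)")


def norm_mac(mac):
    """Zero-pad and lower-case each octet so 0:16:3E:... equals 00:16:3e:..."""
    octets = mac.split(":")
    if len(octets) != 6 or not all(1 <= len(o) <= 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)


def find_bypasses(arp_text, banned):
    """Return (ip, mac, interface) for banned MACs seen on any IP but their dead-end one."""
    policy = {norm_mac(mac): ip for mac, ip in banned.items()}
    hits = []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if not m:  # "(incomplete)" entries and blank lines carry no MAC
            continue
        try:
            mac = norm_mac(m["mac"])
        except ValueError:  # malformed MAC field, ignore the line
            continue
        if mac in policy and m["ip"] != policy[mac]:
            hits.append((m["ip"], mac, m["ifc"]))
    return hits


if __name__ == "__main__":
    for ip, mac, ifc in find_bypasses(SAMPLE_ARP, BANNED):
        print(f"banned MAC {mac} is using {ip} on {ifc}")
```

The check matches on the MAC only, so a client that changes its MAC address is not reported.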
