[solved] Allow only certain users through firewall
-
Hello everybody,
I need advice for my use case:
- only paid users are allowed to access internet
- database of paid users is maintained in an external system
- unique identifier of paid user is his MAC address
- IPv4 and IPv6 connectivity
Looking for an automated solution to enable internet only for paid users. GUI cannot be used.
- pfSense has no API
- pf cannot permit/deny packets according to their src MAC address
- not aware of a way to add a static DHCPv4 lease through CLI (but DHCPv6 screws it up)
- not aware of a way to add a MAC address into captive portal bypass list through CLI
-
Captive Portal (with RADIUS?)?
(I've never used it but it seems like exactly what you want.)
-
Captive Portal (with RADIUS?)?
I am not aware of a way to add a MAC address into captive portal bypass list through CLI.
-
Use RADIUS auth with captive portal, you can set it up for MAC auth as well so you can add the MACs in RADIUS to let them through.
-
you can add the MACs in RADIUS to let them through.
Could you elaborate more?
I want this situation: registered user connects to internet without bothering with captive portal.
-
Who are these "registered users"? Employees using work devices? Customers? Guests?
-
No matter what, pfSense captive portal will not pass IPv6. It will be IPv4-only.
-
Who are these "registered users"? Employees using work devices? Customers? Guests?
Customers with their MAC registered in my CRM.
-
No matter what, pfSense captive portal will not pass IPv6. It will be IPv4-only.
Then it's solved. I'll have to use iptables to filter MAC addresses and abandon pfSense.
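-
The approach named in the last post, as an added example that is not part of the original thread: a Python sketch that turns a MAC list exported from the external system into one ruleset usable by both `iptables-restore` and `ip6tables-restore`. The interface names `eth0`/`eth1`, the chain name `PAID` and the sample rows are assumptions made for the example.

```python
import re
import sys

# Constructed sample of a CRM export: mixed notations, a duplicate, and bad rows.
SAMPLE_CRM_EXPORT = [
    "00:1a:2b:3c:4d:5e",
    "00-1A-2B-3C-4D-5F",
    "001a.2b3c.4d60",
    "00:1A:2B:3C:4D:5E",   # duplicate of the first row
    "01:00:5e:00:00:fb",   # multicast, never a valid client source
    "00:1a:2b:3c:4d",      # truncated
]

def normalize_mac(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or None if it is unusable."""
    digits = re.sub(r"[:.\-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    if int(digits[:2], 16) & 1 or digits == "0" * 12:
        return None  # group (multicast/broadcast) bit set, or all-zero
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def build_ruleset(macs, lan_if="eth1", wan_if="eth0"):
    """Return (ruleset text, rejected rows). Interface and chain names are assumed."""
    allowed, rejected = [], []
    for raw in macs:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append(raw)
        elif mac not in allowed:
            allowed.append(mac)
    lines = [
        "*filter",
        ":INPUT ACCEPT [0:0]",    # placeholder policy: merge with your host rules
        ":FORWARD DROP [0:0]",    # unpaid clients fall through to this policy
        ":OUTPUT ACCEPT [0:0]",
        ":PAID - [0:0]",
        f"-A FORWARD -i {wan_if} -o {lan_if} -m conntrack "
        "--ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"-A FORWARD -i {lan_if} -o {wan_if} -j PAID",
    ]
    lines += [f"-A PAID -m mac --mac-source {m} -j ACCEPT" for m in allowed]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n", rejected

if __name__ == "__main__":
    rules, bad = build_ruleset(SAMPLE_CRM_EXPORT)
    print(rules, end="")                        # pipe into iptables-restore
    print("rejected rows:", bad, file=sys.stderr)
```

Loading the same text with `iptables-restore` and `ip6tables-restore` filters IPv4 and IPv6 identically. The `mac` match only sees clients on the directly attached layer-2 segment, and the source MAC is set by the client, so it identifies a customer rather than authenticating one.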