Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HOW TO BLOCK THE USER USING MAC ADDRESS

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 5 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      anilp
      last edited by

      Hi i am the new user for the pfsense please provide me how to block the user using mac address

      1 Reply Last reply Reply Quote 0
      • H
        heper
        last edited by

        you can't using firewall rules.

        the only system that can handle mac is captive portal, but it isn't meant to be used for firewalling

        1 Reply Last reply Reply Quote 0
        • NogBadTheBadN
          NogBadTheBad
          last edited by

          If the user isn't very IP savvy you could do a DHCP reservation against his/her MAC address and use the IP in the firewall rules, however it wouldn't stop them changing their IP to another in the subnet range.

          Users can also change their burnt in mac address to a self assigned one.

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Get into your switch, find the port that MAC address is on, and disable it.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • NogBadTheBadN
              NogBadTheBad
              last edited by

              @Derelict:

              Get into your switch, find the port that MAC address is on, and disable it.

              I was going to say this, but its not clear what the OP means by block it could be one of two things.

              1. Block access out of the subnet or restrict access to some non local subnets, urls, etc …

              2. not allow MAC xx.xx.xx.xx.xx.xx.xx any LAN access at all.

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Does he want to use static arp?  I can not tell what the OP wants to be honest.. But I like the use your switch post from Derelict ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.