Log MAC addresses in Firewall log



  • Hi,

    Is it possible to log the MAC addresses in the Firewall Log?

    I have a configuration where the users get an IP via DHCP, and I'm trying to detect some troyan connections so I set up a block rule to track the IPs the troyan usually connects to and then look on the log from where it tries to connect.

    My problem is that once I get these IPs, I'm unable to know wich computers correspond to the IPs without a MAC adress.

    Any ideas?



  • not sure exactly to what you are trying to do but i saw this in some other thread.

    arp -a >> arp.txt

    stick it into crontab how often you wanna run it

    EDIT: besides the obvius…you know there is a dhcp log right?

    /F



  • Yes, but pfSense has something called DHCP leases so I think maybe there is an option to associate this data table directly without having to do it manually, the idea is to have in the firewall log the MAC address next to the ip, because the ip association changes from one day to another (I'm using dynamic DHCP).


Log in to reply