MAC Filtering on PF



  • hi  ;D
    How to determine if only specific addresses from a specific country are accessible to our server?


  • LAYER 8 Global Moderator

    What does that have to do with mac?  Use pfblocker package if you want to block countries from accessing your port forwards.  Or stop access to those countries.



  • I want to prevent RDP brute force attacks by filtering the MAC address

    Is there any other idea to prevent such attacks?



  • You would see an IP address, not a MAC, if you're talking inbound from the WAN.

    Create a VPN.


  • LAYER 8 Global Moderator

    "Is there any other idea to prevent such attacks?"

    Yeah don't freaking open up Remote Desktop to the public internet ;)  You need to remote to your machines, then VPN in..

    At worst your rule that allows access to the remote desktop through a forward should be source-locked to the specific IP or IPs you want to allow.. Great, you can block RU from hitting your port forward, doesn't stop hits from the same country you're wanting to access it from.

    VPN into your network for such access..



  • Can not do this scenario with MAC?


  • LAYER 8 Global Moderator

    I suggest you research what a MAC is… it's only seen at layer 2.. No you can not filter MAC in pfSense from some random internet bot or IP..

    Did you smite me for asking what mac has to do with it?



  • @faxmodem:

    Can not do this scenario with MAC?

    The MACs would only be seen at layer 2.



  • You would see an IP address, not a MAC, if you're talking inbound from the WAN.

    The only MAC address you'll see on the WAN port is your ISP's router.  If you block that, you will disconnect yourself from the Internet.  A MAC address is the hardware address for a device and is valid on the local LAN only.  When a packet is received by a router or any other device, the MAC address is discarded.  A router will then forward the IP packet as appropriate and create a new Ethernet frame, with a new MAC, to forward it on.  You will NEVER see a MAC address for any device that's not directly connected to your firewall.



  • Do not block IP countries from OPEN VPN by pfblocker?

    i'm config pfblock but unblock ip for other country??


  • LAYER 8 Global Moderator

    huh?? what are you wanting to do.. Read that like 3 times, makes no sense.

    Use aliases in pfblocker for the country blocks you want and set your firewall rules with those aliases.
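
    The moderator's advice above (source-lock the RDP port forward, block countries with a pfBlocker alias, or better, expose only the VPN) written out as an added pf.conf example; it is not from the thread or from pfSense/pfBlockerNG, and the interface name, addresses and table names are assumptions:

```pf
# Added example, not from the thread or from pfSense: a hand-written pf.conf
# equivalent of the policy the moderator recommends. pfSense generates its
# ruleset from the GUI, so this only illustrates the resulting policy.
# All addresses are RFC 5737 documentation ranges (constructed placeholders).
ext_if = "em0"                   # assumed WAN interface name
rdp_host = "192.0.2.10"          # constructed internal Remote Desktop host

# Assumed table name; on pfSense a pfBlockerNG country alias would fill it.
table <country_block> persist file "/var/db/country_block.txt"

# Constructed allow-list of admin source addresses permitted to reach RDP.
# Country blocking alone still admits every other host in your own country,
# which is the moderator's point; the allow-list is what actually limits it.
table <rdp_admins> { 203.0.113.5, 203.0.113.6 }

# Weak: forwards 3389 from anywhere, so every brute-force bot can reach it.
# rdr on $ext_if proto tcp from any to ($ext_if) port 3389 -> $rdp_host port 3389
# pass in on $ext_if proto tcp from any to $rdp_host port 3389

# Stronger: drop blocked countries first, forward only from the allow-list.
block in quick on $ext_if from <country_block> to any
rdr on $ext_if proto tcp from <rdp_admins> to ($ext_if) port 3389 -> $rdp_host port 3389
pass in quick on $ext_if proto tcp from <rdp_admins> to $rdp_host port 3389

# Preferred: no RDP forward at all; expose only the VPN (OpenVPN default
# UDP/1194) and reach Remote Desktop through the tunnel.
pass in quick on $ext_if proto udp from any to ($ext_if) port 1194
```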



  • 1. MAC addresses are not associated with countries, for the most part
    2. MAC addresses are only link local. You will only ever see the single MAC address from your ISP's gateway.


  • ^^^^
    For the most part????  I'd say not at all.  The lower 24 bits are simply a serial number.  The upper 24 are mostly assigned to a manufacturer, with a couple of bits reserved for unicast/multicast and locally assigned address.



  • @JKnott:

    ^^^^
    For the most part????  I'd say not at all.  The lower 24 bits are simply a serial number.  The upper 24 are mostly assigned to a manufacturer, with a couple of bits reserved for unicast/multicast and locally assigned address.

    You might be able to find a correlation between certain bits in a MAC address and certain models of NICs if you know something about the supply chain.

    OK guys, the next 10,000 NICs are going to Russia. Now you have 10,000 sequential MACs being sold in stores in Russia, assuming they used sequential and not random. Not sure why random would be a good idea for this case. And also assuming MACs are not being spoofed. Not that you'll ever see a MAC from outside of your broadcast domain.

