Is it possible to block the access by phone brand?



  • just wonder if there's any rule/ package can do that.

    e.g. What if I don't want iPhones to use my network?

    OS list in pFSense is outdated.



  • About the only way to do that is with MAC addresses. Hardware makers are assigned blocks of MAC addresses, which can be used to identify the maker. However, pfSense doesn't filter on MAC addresses. Some managed switches can and, in fact, that method is often used to separate VoIP phones from other devices, to place them on a separate VLAN.

    I've never been fond of Apple either. 😉


  • LAYER 8 Rebel Alliance

    I'd rather have only iPhones in my Network than Android stuff. 😂

    -Rico



  • I don't really mean iPhone ...
    I was talking about those phone brand from that big country ...

    and some of them "got" same MAC address with others by copying or randomly generating ...



  • We must be talking about the wifi part of your network.

    Why don't you do this? Since iPhones and/or Android phones can only communicate with a network over wireless, why don't you make a separate wireless SSID and VLAN only for mobile devices? You can push all of your mobile users to a single interface on your firewall, then you can filter accordingly. Allow or deny by each device.

    Or, if you wanted, and the setup is a little bit more complicated but not impossible, you could get the proper wifi gear, broadcast multiple SSID's, and give your "approved" devices the login info to your "approved" wireless network. Let all the "unapproved" mobile devices use the other "unapproved" SSID. There's no MAC address filtering using this method.

    Jeff


  • Netgate Administrator

    No real way to do this at the firewall usefully I would say.

    Might try just allowing only MACs you've added. Or maybe 802.1x at your access points.

    Maybe if you have signatures and those phones in questions are calling home you can detect and block them in Snort.

    Steve


Log in to reply