Filtering to allow only selected devices

pateretou

Hello,

I'm very surprise to haven't found any way to do this.

Today I have my own "nextcloud" / emails / etc. instance running at home on my own server.
everything runnning well etc etc
Today I would like to replace the GAFA tools with my own tools.

But i don't want let my apps running on internet to everyone (remember for example the synology securities breach etc etc)

I would like to allow only some devices (my laptop(s), my smartphone and friends smartphone etc) to allow to access the webservices.

For the smartphone i will never had a fixed IP.

So in my mind my idea was to filter access by mac address but .... (I know L2/L2 etc etc : https://forum.netgate.com/topic/103460/firewalling-mac-addresses ). I know this is easy to do a man in the middle attack with changing mac address but I don't want to protect against attack just avoid scripts kiddies and massives attacks when a new breach is reveal.

I'm very surprised there is no way to do this today?

for now i'm using a VPN but this is too heavy and battery drainer to be reliable (and to be honest ... i tried to convince my wife to connect to a VPN .... and this is a total failed... she is hermetic )

Anyone know how to do this without mac filtering (and without VPN) ?

Any suggestion is welcome! :)

Thanks
Pat

johnpoz

You understand that mac address are only at L2 right.. There is no way you could filter on a devices mac address from the internet.. The only mac address pfsense would see from the internet is the routers interface in front of it, ie the isp device.

The way do what you ask is vpn.. I have never experience any heavy battery load from running vpn...