Access restriction using mac address



  • I am trying to block a pc in my LAN using mac address.The rules need to contain so that I can allow the pc to access internet
    for certain hours of the day and specific days of the week.
    Only thing I find is to block by IP address.
    Can someone point me to the right direction?
    I am using pfsense 1.2.3 on a Alix board using CF module.


  • Rebel Alliance Developer Netgate

    You cannot filter based on MAC address in that way.

    You could setup captive portal and restrict the LAN with a username/password login, or you could use static ARP in the DHCP settings so that only certain PCs can get out.

    Anyone can spoof a MAC address though, so it's not exactly an effective means of security unless you also have switches that can restrict a specific MAC to a specific port.



  • @jimp:

    You cannot filter based on MAC address in that way.

    You could setup captive portal and restrict the LAN with a username/password login, or you could use static ARP in the DHCP settings so that only certain PCs can get out.

    Anyone can spoof a MAC address though, so it's not exactly an effective means of security unless you also have switches that can restrict a specific MAC to a specific port.

    good advice. I will look into the ARP option.


Log in to reply