Firewall MAC Filter
-
Need equivalent of these filters on LAN interface (only inbound filtering is needed).
Source MAC: 00:23:a2:b8:eb:97
Source IP Address: any/none
Source Port: anyDestination IP Address: 255.255.255.255
Destination Port: 68
Protocol: UDP (or any)Action: BLOCK/DROP
And Also:
Source MAC: 00:23:a2:b8:eb:97Source IP Address: any/none
Source Port: 21302Destination IP Address: 169.254.1.255
Destination Port: 5000
Protocol: UDP (or any)Action: BLOCK/DROP
-
Are you trying to block DHCP from a specific MAC? Im not sure that would work like you want, since pfSense is probably only "seeing" the traffic; even if pfSense blocks it, unless your whole LAN goes through your firewall, everyone else would still get the traffic.
What is the situation you are having? There may be a better way to fix it (though you will probably want a managed L3 switch to do so).
-
Also curious on the 5000 traffic, it comes from that specific source port? That box is sending to directed broadcast to what looks like a Automatic Private IP Address (APIPA) 169.254.x.x, but then its got a /24 on it?? 169.254.1.255 ?
Wouldn't that source port change?
This is the same box that is sending out what I would assume is DHCPOFFER or DHCPACK, with dest port 68 and broadcast dest. If that is the traffic your looking to block, could you just block traffic from any IP that has source 67 and destination 68?
And has mentioned normally lan traffic pfsense sees to broadcast would be going to all lan boxes anything - so why does it need to be blocked from pfsense seeing it?
I think some more details of source of this traffic and why you want to block it and to where extactly your wanting to block it from getting to would help us figure out best way to do it.
