Netgate Discussion Forum

    Firewall MAC Filter

    Category: Firewalling | 3 Posts, 3 Posters, 3.6k Views
    NOYB:

      Need the equivalent of these filters on the LAN interface (only inbound filtering is needed).

      Source MAC: 00:23:a2:b8:eb:97

      Source IP Address: any/none
      Source Port: any

      Destination IP Address: 255.255.255.255
      Destination Port: 68
      Protocol: UDP (or any)

      Action: BLOCK/DROP

      And also:
      Source MAC: 00:23:a2:b8:eb:97

      Source IP Address: any/none
      Source Port: 21302

      Destination IP Address: 169.254.1.255
      Destination Port: 5000
      Protocol: UDP (or any)

      Action: BLOCK/DROP

    limecat:

        Are you trying to block DHCP from a specific MAC? I'm not sure that would work like you want, since pfSense is probably only "seeing" the traffic; even if pfSense blocks it, unless your whole LAN goes through your firewall, everyone else would still get the traffic.

        What is the situation you are having? There may be a better way to fix it (though you will probably want a managed L3 switch to do so).

    johnpoz (LAYER 8 Global Moderator):

          Also curious on the 5000 traffic: it comes from that specific source port? That box is sending a directed broadcast to what looks like an Automatic Private IP Address (APIPA) 169.254.x.x, but then it's got a /24 on it?? 169.254.1.255?

          Wouldn't that source port change?

          This is the same box that is sending out what I would assume is DHCPOFFER or DHCPACK, with dest port 68 and broadcast dest. If that is the traffic you're looking to block, could you just block traffic from any IP that has source 67 and destination 68?

          And as mentioned, normally LAN broadcast traffic that pfSense sees would be going to all LAN boxes anyway, so why does it need to be blocked from pfSense seeing it?

          I think some more details on the source of this traffic, why you want to block it, and where exactly you want to block it from getting to would help us figure out the best way to do it.


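The thread discusses two ways of expressing the block: the original poster's filters keyed on a source MAC (one of them also on a fixed source port 21302), and johnpoz's alternative of matching any UDP 67 -> 68 traffic regardless of sender. The example below, added here and not code from the thread or from pfSense, encodes both sets of criteria as match rules and runs them over hand-built Ethernet/IPv4/UDP frames so the difference is visible: the MAC-plus-fixed-source-port rule stops matching as soon as the sender's ephemeral port changes, while the port-pair rule catches the DHCP reply without knowing the MAC at all. The parser, the rule names, the sample MAC/IP values other than those quoted in the post, and the frames themselves are all constructed for illustration.

```python
"""Match the thread's MAC/port filter criteria against raw Ethernet frames.

Added example (not from the original post or pfSense). Headers are parsed by
hand so it runs offline on constructed frames; checksums are left as zero.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

ETH_P_IP = 0x0800
IPPROTO_UDP = 17
ROGUE_MAC = "00:23:a2:b8:eb:97"      # the source MAC quoted in the first post


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload=b""):
    """Construct an Ethernet II + IPv4 + UDP frame (test data, checksums zeroed)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     IPPROTO_UDP, 0, ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_IP) + ip + udp


@dataclass
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    dhcp_op: Optional[int] = None    # BOOTP op: 1 = request, 2 = reply (server -> client)


def parse_frame(raw: bytes) -> Packet:
    dst, src, etype = raw[:6], raw[6:12], struct.unpack("!H", raw[12:14])[0]
    pkt = Packet(src_mac=mac_str(src), dst_mac=mac_str(dst))
    if etype != ETH_P_IP:
        return pkt                    # non-IP frame: only the MAC fields are usable
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4
    pkt.proto = ip[9]
    pkt.src_ip = str(ipaddress.IPv4Address(ip[12:16]))
    pkt.dst_ip = str(ipaddress.IPv4Address(ip[16:20]))
    if pkt.proto == IPPROTO_UDP:
        udp = ip[ihl:]
        pkt.sport, pkt.dport = struct.unpack("!HH", udp[:4])
        payload = udp[8:]
        if pkt.dport in (67, 68) and payload:
            pkt.dhcp_op = payload[0]  # first BOOTP byte is the op code
    return pkt


@dataclass
class Rule:
    name: str
    src_mac: Optional[str] = None
    sport: Optional[int] = None
    dst_ip: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """Every field set on the rule must equal the packet's; None is a wildcard."""
        checks = [(self.src_mac, p.src_mac), (self.sport, p.sport),
                  (self.dst_ip, p.dst_ip), (self.dport, p.dport)]
        return all(want is None or want == have for want, have in checks)


RULES = [   # the two filters from the first post, then johnpoz's port-pair rule
    Rule("op-dhcp-reply-by-mac", src_mac=ROGUE_MAC, dst_ip="255.255.255.255", dport=68),
    Rule("op-5000-by-mac-and-sport", src_mac=ROGUE_MAC, sport=21302,
         dst_ip="169.254.1.255", dport=5000),
    Rule("any-dhcp-server-reply", sport=67, dport=68),
]


def evaluate(frames, rules=RULES):
    """Return {rule name: [indexes of frames that rule would drop]}."""
    hits = {r.name: [] for r in rules}
    for i, raw in enumerate(frames):
        p = parse_frame(raw)
        for r in rules:
            if r.matches(p):
                hits[r.name].append(i)
    return hits


BOOTREPLY = bytes([2]) + bytes(239)   # constructed minimal BOOTP reply body
BOOTREQUEST = bytes([1]) + bytes(239)
SAMPLE_FRAMES = [                     # constructed traffic, not a capture from the thread
    build_udp_frame(ROGUE_MAC, "ff:ff:ff:ff:ff:ff", "192.168.1.50", "255.255.255.255", 67, 68, BOOTREPLY),
    build_udp_frame(ROGUE_MAC, "ff:ff:ff:ff:ff:ff", "169.254.1.7", "169.254.1.255", 21302, 5000, b"x"),
    build_udp_frame(ROGUE_MAC, "ff:ff:ff:ff:ff:ff", "169.254.1.7", "169.254.1.255", 40111, 5000, b"x"),
    build_udp_frame("b8:27:eb:00:00:01", "ff:ff:ff:ff:ff:ff", "0.0.0.0", "255.255.255.255", 68, 67, BOOTREQUEST),
]

if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_FRAMES).items():
        print(f"{name:28s} drops frames {idx}")
```

Frame 0 (the DHCP reply) is caught by both the MAC rule and the port-pair rule; frame 1 matches the fixed-port rule but frame 2, the same traffic after the sender picked a different ephemeral port, does not, which is the weakness johnpoz points at. The legitimate client request in frame 3 is untouched by all three. In standard pf syntax the port-pair rule is `block in quick on <lan-if> inet proto udp from any port 67 to 255.255.255.255 port 68`; a layer-3 pf rule cannot match on a source MAC, which is why the script keys on the Ethernet header (pf on FreeBSD 13 and later does add separate `ether` rules for that, but whether a given pfSense build exposes them is not something this thread establishes). Either way, as both replies note, dropping the frame on pfSense only stops pfSense from acting on it; the other LAN hosts on the same broadcast domain still receive it, so the actual fix belongs on the switch or at the offending host.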
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.