Block access to non-DHCP clients

  • I use pfSense as a public hotspot.
    I have set a DHCP range of about 150 IPs.
    Yesterday I got some error messages on clients about an IP conflict.
    My only guess was that some client has configured a static IP address on his machine and pfSense gave out the same IP after a DHCP request.

    Is it possible for pfSense to allow access to the internet only to clients that acquire an IP from its DHCP scope?

    My regards!

  • Change your subnet on a daily basis ;)

    Maybe you can submit one specific DNS server via DHCP and block any other TCP/UDP 53 IP addresses.

  • I am afraid I cannot change my subnet every day :)
    Blocking 53 won't do either.
    What if the static configuration contains my DNS server?
    It will work like a charm  :(

  • The best you can do at the firewall level there is to require static ARP, which requires configuring DHCP reservations for every host. Not possible on a public hotspot. Even at that though, you're doing nothing to prevent hosts from causing problems by using static IPs. They'll create an IP conflict without touching the firewall and there's nothing the firewall can do about it.
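
Since the firewall cannot prevent the conflict, it can at least be detected. The following is an added example, not part of the thread: it cross-checks the firewall's ARP table against the DHCP lease file and flags hosts using an address they were never leased. It assumes an ISC dhcpd style lease file and FreeBSD `arp -an` output; all sample data is constructed.

```python
import re
# Constructed sample data: ISC dhcpd lease entries and FreeBSD `arp -an` lines.
SAMPLE_LEASES = """\
lease 192.168.1.100 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.101 {
  binding state free;
  hardware ethernet 66:77:88:99:aa:bb;
}
lease 192.168.1.102 {
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:01;
}
"""
SAMPLE_ARP = """\
? (192.168.1.100) at 00:11:22:33:44:55 on em1 expires in 1100 seconds [ethernet]
? (192.168.1.101) at 66:77:88:99:aa:bb on em1 expires in 900 seconds [ethernet]
? (192.168.1.102) at de:ad:be:ef:00:01 on em1 expires in 800 seconds [ethernet]
? (192.168.1.1) at 00:00:5e:00:53:01 on em1 permanent [ethernet]
? (192.168.1.150) at (incomplete) on em1 expired [ethernet]
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-f:]{17})\b(.*)", re.I)

def active_leases(text):
    """Map IP -> MAC for leases whose most recent entry is active."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        state = re.search(r"^\s*binding state (\w+);", body, re.M)
        mac = re.search(r"hardware ethernet ([0-9a-f:]{17});", body, re.I)
        if state and mac and state.group(1) == "active":
            leases[ip] = mac.group(1).lower()
        else:
            leases.pop(ip, None)  # the file is a log: later entries supersede
    return leases

def unleased_hosts(leases_text, arp_text):
    """Return (ip, mac, reason) for ARP entries with no matching active lease."""
    leases = active_leases(leases_text)
    findings = []
    for m in ARP_RE.finditer(arp_text):
        ip, mac, rest = m.group(1), m.group(2).lower(), m.group(3)
        if "permanent" not in rest and leases.get(ip) != mac:  # skip own/static entries
            findings.append((ip, mac, "conflict" if ip in leases else "no-lease"))
    return findings
```

A "conflict" finding means the address is actively leased to a different MAC; "no-lease" means the host is using an address with no active lease at all.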