Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is there MAC Filtering like in IPCOP?

    Wireless
    4
    7
    4.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      deris
      last edited by

      Hello everyone,

      First of all, sorry so much for my bad english, I'm still learning it.

      I use IPCOP firewall-proxy in a high school, and I'm thinking of switching to pfsense. But a necessary condition is that pfsense has MAC Address Filtering like in IPCOP, that is without using Captive Portal (I think it's a little bit different than MAC address filtering from IPCOP).

      In order to you understand me a little bit better, a screenshot from IPCOP. Notice that I don't have to write any IP address, just a MAC address.

      Thank you so much.

      ![Captura de pantalla 2013-05-15 a las 23.29.37.png_thumb](/public/imported_attachments/1/Captura de pantalla 2013-05-15 a las 23.29.37.png_thumb)
      ![Captura de pantalla 2013-05-15 a las 23.29.37.png](/public/imported_attachments/1/Captura de pantalla 2013-05-15 a las 23.29.37.png)

      1 Reply Last reply Reply Quote 0
      • D
        dhatz
        last edited by

        The short answer is no, the "pf" packet filter used by pfSense (currently) works at L3.
        The ipfw packet filter (used by CP) does support L2 / MAC filtering, but it's not configurable from the webGUI.

        Depending on what you're trying to do, you might be able to use the DHCP static ARP entries …

        1 Reply Last reply Reply Quote 0
        • D
          deris
          last edited by

          Ok dhatz,

          Thank you very much to answer so quickly.

          Best regards.

          1 Reply Last reply Reply Quote 0
          • R
            rjcrowder
            last edited by

            @deris:

            Ok dhatz,

            Thank you very much to answer so quickly.

            Best regards.

            You can turn on ipfw by enabling the captive portal… then you can do mac filtering by creating your own ipfw rules. What I did was modify the ipfw save logic to include custom rules of my own. At the end of my rules, I skip around the ones that are added by the captive portal. File I modified was /etc/inc/captiveportal.inc

            1 Reply Last reply Reply Quote 0
            • D
              deris
              last edited by

              Thank you rjcrowder. We are going to keep IPCOP for the time being.

              Cheers.

              1 Reply Last reply Reply Quote 0
              • R
                rjcrowder
                last edited by

                @deris:

                Thank you rjcrowder. We are going to keep IPCOP for the time being.

                Cheers.

                I understand… I used IPCop for a long time. I even had a devel environment and recompiled dansguardian and some other stuff on it. It is certainly easier in many respects. In the long run though, it doesn't give you near as much capability and it seems like the community is kind of fizzling out.

                1 Reply Last reply Reply Quote 0
                • C
                  cmb
                  last edited by

                  DHCP + static ARP as dhatz recommended is much better than what IPcop does. MAC filtering is more or less useless in general, DHCP+static ARP is a little better though it's a poor means of security in general regardless. MAC filtering is more or less pointless.

                  Indeed, IPcop is a dying project and we're a growing one.
                  http://www.google.com/trends/explore#q=ipcop,pfsense

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.