Is there MAC Filtering like in IPCOP?



  • Hello everyone,

    First of all, sorry so much for my bad english, I'm still learning it.

    I use IPCOP firewall-proxy in a high school, and I'm thinking of switching to pfsense. But a necessary condition is that pfsense has MAC Address Filtering like in IPCOP, that is without using Captive Portal (I think it's a little bit different than MAC address filtering from IPCOP).

    In order to you understand me a little bit better, a screenshot from IPCOP. Notice that I don't have to write any IP address, just a MAC address.

    Thank you so much.

    ![Captura de pantalla 2013-05-15 a las 23.29.37.png_thumb](/public/imported_attachments/1/Captura de pantalla 2013-05-15 a las 23.29.37.png_thumb)
    ![Captura de pantalla 2013-05-15 a las 23.29.37.png](/public/imported_attachments/1/Captura de pantalla 2013-05-15 a las 23.29.37.png)



  • The short answer is no, the "pf" packet filter used by pfSense (currently) works at L3.
    The ipfw packet filter (used by CP) does support L2 / MAC filtering, but it's not configurable from the webGUI.

    Depending on what you're trying to do, you might be able to use the DHCP static ARP entries …



  • Ok dhatz,

    Thank you very much to answer so quickly.

    Best regards.



  • @deris:

    Ok dhatz,

    Thank you very much to answer so quickly.

    Best regards.

    You can turn on ipfw by enabling the captive portal… then you can do mac filtering by creating your own ipfw rules. What I did was modify the ipfw save logic to include custom rules of my own. At the end of my rules, I skip around the ones that are added by the captive portal. File I modified was /etc/inc/captiveportal.inc



  • Thank you rjcrowder. We are going to keep IPCOP for the time being.

    Cheers.



  • @deris:

    Thank you rjcrowder. We are going to keep IPCOP for the time being.

    Cheers.

    I understand… I used IPCop for a long time. I even had a devel environment and recompiled dansguardian and some other stuff on it. It is certainly easier in many respects. In the long run though, it doesn't give you near as much capability and it seems like the community is kind of fizzling out.



  • DHCP + static ARP as dhatz recommended is much better than what IPcop does. MAC filtering is more or less useless in general, DHCP+static ARP is a little better though it's a poor means of security in general regardless. MAC filtering is more or less pointless.

    Indeed, IPcop is a dying project and we're a growing one.
    http://www.google.com/trends/explore#q=ipcop,pfsense


Log in to reply