Project

General

Profile

Feature #2965

Mac Firewalling

Added by SilentT and that's it almost 4 years ago. Updated almost 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Rules/NAT
Target version:
Start date:
04/24/2013
Due date:
% Done:

0%


Description

Is possible to Allow/Deny MAC adress like

Deny MACsrc 00:90:f5:cd:ab:1d(PC) to MACDest 00:90:f5:cd:ab:1b/Pfsense - Router)

for block MACadr to communicate with PfSense and blocking the access to internet

in http://www.freebsd.org/cgi/man.cgi?query=ipfw&apropos=0&sektion=0&manpath=FreeBSD+8.3-stable&arch=default&format=html
The Man of Freebsd 8.3 (the os version use with PfSense 2.1)

This features of MAC adresses is available

"{ MAC | mac } dst-mac src-mac
Match packets with a given dst-mac and src-mac addresses, speci-
fied as the any keyword (matching any MAC address), or six groups
of hex digits separated by colons, and optionally followed by a
mask indicating the significant bits. "

i have execute command in the shell and its works !
Its a good features

I understand that between LAN machines never go through the pfsense because the switch had the same make. But to block a mac or mac address range to leave the network by the WAN for blocking internet access, it would be great

implant in the PfSense GUI in a tab "Block Specified MAC adresse to WAN" Or in the Rule of Firewall

History

#1 Updated by SilentT and that's it almost 4 years ago

and i argued with http://forum.pfsense.org/index.php?topic=25251.msg130923#msg130923

If you are trying to block devices from accessing the router on the local side of your network (for example, to a wireless connection), it is actually possible to block them, but not with the options currently exposed in the pfSense web GUI.

Also available in: Atom PDF