pfSense block Internet access by MAC Address

Deadjasper

2[H]4U
Joined
Oct 28, 2001
Messages
2,081
I cannot for the life of me figure out how to accomplish this. It should be easy but it's anything but. I've followed the directions found at netgate.com and it does diddly squat shit nothing. I only want to block one box with one NIC, that's all.

Does anybody know how to do this?

TIA
 

Farva

Extremely [H]
Joined
Feb 3, 2004
Messages
38,063
What are you trying to accomplish exactly? If the MAC address gets changed/spoofed, you are just going to be playing whack-a-mole.
 

Deadjasper

2[H]4U
Joined
Oct 28, 2001
Messages
2,081
The MAC address I want to block is my HTPC. There is no need for it to connect to the Internet now that it's set up and running. I want to ensure that it never calls home. I figure the best way to do this is to block the MAC address rather than the IP address.

In a regular router this is stupid easy to do. Why is it so hard to do in pfSense?????
 

toast0

[H]ard|Gawd
Joined
Jan 26, 2010
Messages
1,326
I don't think FreeBSD pf is able to do filtering at the Ethernet level; only IP or higher levels. If you can get pfSense to use ipfw, you could do it that way, perhaps.

I'd probably just give it a static address in DHCP and block that address. And disable IPv6 on that machine. Or just manually configure that machine with IP and netmask but no default gateway.
 

Nenu

[H]ardened
Joined
Apr 28, 2007
Messages
19,861
The MAC address I want to block is my HTPC. There is no need for it to connect to the Internet now that it's set up and running. I want to ensure that it never calls home. I figure the best way to do this is to block the MAC address rather than the IP address.

In a regular router this is stupid easy to do. Why is it so hard to do in pfSense?????

You can do this easily on the HTPC by removing the Gateway address in its IP config.
Then it can still access the local LAN but has no route out of it.
 

Deadjasper

2[H]4U
Joined
Oct 28, 2001
Messages
2,081
You can do this easily on the HTPC by removing the Gateway address.
Then it can still access the local LAN but has no route out of it.

Yeah, that's what I ended up doing. I also removed the DNS server. Apparently blocking by MAC address only applies to wireless.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
Your HTPC will have 2 MAC addresses, one for the LAN and one for WiFi; you could just block both in pfSense.
 

MrGuvernment

Fully [H]
Joined
Aug 3, 2004
Messages
20,242
HTPC has no WiFi. Blocking the MAC Address is what I was trying to do. Never did find a way.
Ya, pfSense does let you do MAC address blocking in the GUI. FreeBSD can do MAC address filtering, but it is only in the wireless stack, as you noted (maybe one day), so it is just assigning a static IP in the DHCP server and blocking the IP.
 