MAC white list for a route

Hi, I would like some clients of a network to be unable to reach a subnet (for safety reasons). Let me explain:
On the router there are 2 physical WANs: one is the simple internet gateway, the other (better call it MAN) is connected to the main office. I want to filter out all MACs except for some, manually added, that are able to reach the other main office subnet.

I can do it by IP, allowing only some, but I think this way I will overload the router CPU. I prefer to work with MACs and I’ve already found a way: creating a filter with a drop action, specifying the destination subnet and the source MAC address. But I think this loads the CPU as much as filtering by source IP, and what is more, I have to create a filter for each device.

Ideally it could work on bridges, if possible and if it lightens the CPU usage, allowing only some MACs to access the second bridge, where the MAN interface is connected.
How can I create a whitelist with MACs (or possibly IPs)? Or should I create a line for each NAT?
Thank you for suggestions!

MAC list is a long awaited feature not implemented yet.

That means I should create a filter for each device.
Does it make sense to filter by MAC and find a way to do it, or does a combined filter of MAC source/dest subnet (it looks safer) load the CPU the same as source IP/dest subnet?

Chances are, I can block the first packet to establish a connection, then let the fast forward route the packets.
There is another option, to source NAT the allowed devices to that network. It looks even safer, but I bet it really loads the CPU.

Thanks

By IP is the easier route, just add them to an address list. Very easy.
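
Added example, not part of the thread: the address-list whitelist from the last reply, plus a per-MAC variant, written as firewall configuration on the assumption that the router runs MikroTik RouterOS (the thread does not name the platform). The interface name, subnets, host addresses and MAC addresses are constructed placeholders.

```routeros
# Constructed placeholders (assumptions, replace with real values):
#   ether2-man       interface facing the main office (MAN)
#   10.20.0.0/16     main-office subnet to protect
#   192.168.88.x     local clients allowed to reach it

# --- Variant A: whitelist by source IP using one address list ---
/ip firewall address-list
add list=man-allowed address=192.168.88.10 comment="allowed client 1"
add list=man-allowed address=192.168.88.11 comment="allowed client 2"

/ip firewall filter
# Packets of connections that were already admitted are accepted first,
# so the whitelist is consulted only for the first packet of each connection.
add chain=forward connection-state=established,related action=accept \
    comment="flows already admitted"
# Everything else heading to the main office from a host that is not in the
# list is dropped (this also covers invalid packets, not only new ones).
add chain=forward out-interface=ether2-man dst-address=10.20.0.0/16 \
    src-address-list=!man-allowed action=drop \
    comment="MAN whitelist by IP"

# --- Variant B: whitelist by source MAC, one rule per device ---
# Use instead of the drop rule in variant A. A dedicated chain keeps the
# per-device rules off the path of traffic that is not going to the MAN.
# src-mac-address only matches clients on a directly attached L2 segment,
# and a MAC can be changed by the client, so pair it with static DHCP
# leases or switch port security where that matters.
/ip firewall filter
add chain=forward out-interface=ether2-man dst-address=10.20.0.0/16 \
    action=jump jump-target=man-mac comment="MAN whitelist by MAC"
add chain=man-mac src-mac-address=AA:BB:CC:00:00:01 action=accept \
    comment="allowed client 1"
add chain=man-mac src-mac-address=AA:BB:CC:00:00:02 action=accept \
    comment="allowed client 2"
add chain=man-mac action=drop comment="everything else to MAN"
```

In both variants the established/related rule must sit above the whitelist rules, since rule order decides which packets ever reach the per-device checks.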