Community discussions

 
tekrondo
just joined
Topic Author
Posts: 1
Joined: Mon Jun 29, 2015 2:23 pm

Dynamically attach a firewall rule by matching a device name (or mac address) prefix

Wed Jul 29, 2015 5:46 pm

Hi all,

I need to match devices with a specific name prefix (or mac address prefix) and then attach a firewall rule to them.

E.g all Android devices have android- prefixed to their names (and all devices have specific OUI attached to them i the mac-address), I want to be able to go through the DHCP leases and match all devices with this prefix and then attach a firewall rule to the device or alternatively, add the devices to a list and attach the firewall rule to the list.

I'm of the impression that the Routers do not have the mac-address-list option.

If this is possible I would like some help with it because currently I am manually going through the process and it's pretty painful to say the least.

I am using a CCR1036.

Any other info that is needed to help me with this, I would provide.

Thanks.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Fri Jul 31, 2015 8:07 am

Everyone can freely change the hostname and mac address of wifi module on his android phone/tablet. This is not the secure way.
 
oxigeno20
Frequent Visitor
Frequent Visitor
Posts: 87
Joined: Tue May 23, 2006 5:29 pm
Location: Argentina

Re: Dynamically attach a firewall rule by matching a device name (or mac address) prefix

Fri Aug 07, 2015 4:23 pm

May be, you would search the list of dhcp-server-leases with a loop, and attach the rule to the bridge filter, or firewall filter, or directly block-acccess in the dhcp-server without firewalls.

check it out.

http://www.tech-nico.com/blog/script-mi ... -con-dhcp/

http://www.tech-nico.com/blog/script-mi ... -firewall/

http://www.tech-nico.com/blog/script-mi ... -efectivo/

Who is online

Users browsing this forum: No registered users and 17 guests