Deny new clients from connecting

Blobbie01 · August 14, 2022, 12:32pm

Hello everyone,

I was wondering if it’s possible to automatically deny new devices connecting to your network.

What I mean by this is, when someone first connects, they have no Ethernet access, until I verify their connection (basically blocking all mac addresses, and only when I verify the device, name it & give it a static IP, it’s allowed to access the Ethernet).

This is mainly to avoid clients from mac spoofing & bypassing filters, or hiding their device names in system log.

Hope someone can point me to the right direction, would be awesome to set this up!

yuxin.zou · August 15, 2022, 3:44am

Does this feature meet your needs?

Preset policies in the “Clients” page to block WAN or limit speed by default for all devices using randomized MAC addresses.
We are considering adding it in version 4.1.

beniamin · August 15, 2022, 5:14am

Please add it. I also recommend this. I really want this feature.

Can it be for any new client?

yuxin.zou · August 15, 2022, 6:24am

For now I think It only for MAC Randomization. Users shouldn’t expect this restriction to prevent malicious intrusions.

But we are also adding parental controls to our develop schedule that can manage all devices.

Blobbie01 · August 15, 2022, 7:59am

Yes, that would be absolutely perfect!

wcs2228 · August 15, 2022, 5:20pm

I think this possible by appending rules in LuCI → Network → Firewall → Firewall - Traffic Rules:

Accept your Source MAC address list from Source zone LAN to Destination Zone this device
Drop or Reject all other traffic from Source zone LAN to Destination Zone this device

The Randomized MAC address Device Preset would be a useful feature for some people, but may not prevent new clients connecting with non-randomized MAC addresses, if the feature only checks for a specific 2nd digit of 2, 6, A, or E in the MAC address.

I do not work for and I do not have formal association with GL.iNet

beniamin · August 16, 2022, 12:18pm

Agreed. It should be made for all new clients connecting to the router, this would cover randomized Mac and new clients . Much cleaner.

yuxin.zou · August 23, 2022, 8:49am

Due to scheduling (our new product will be pre-installed with version 4.1), the relevant features will be unified in the parental control module of version 4.2.
In Parental Control, users can block all new incoming devices to access the Internet.