MAC address filtering

compendius · January 14, 2022, 11:29am

Hi,

I own a Brume MV1000 (no wireless) and I am using it in full router NAT mode.

I want to only allow certain devices on my LAN to have access to the network. I appreciate that MAC address filtering is imperfect and easily hacked, but it is a good start until I have time to implement freeradius or something like wireguard.

So I need a way to easily add an allow list of MAC addresses and deny all others.

I have found this in the OpenWRT wiki but it assumes you have a wireless router
https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_parent_controls#web_interface_instructions1

which I do not (the advanced GUI does NOT have the wireless menu with MAC address filter tab)

So it looks like I am left with using firewall traffic rules which is more complicated to implement

https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_parent_controls#web_interface_instructions

Has anyone achieved this and if so what is the best way to do this without messing up my current default firewall traffic rules?

alzhao · January 15, 2022, 4:07am

The first link is talking about how to deny mac address connecting to your wifi. So it does not work for MV1000.

The 2nd link is using firewall to drop mac address’s data, so it works for you.

But the best way is just block some client from the client list in the default UI.

compendius · January 17, 2022, 2:45pm

Hi,

Thanks for the reply. Blocking is not really an option as by that time they are already on the network and have potentially done some damage.
Anyway I now have a different strategy mainly due to IOS Mac randomisation which makes it very hard to maintain an ACL of MAC addresses https://support.apple.com/en-gb/guide/security/secb9cb3140c/web
I have now created a second guest network that I only hand out to visitors. This gives me more control.