Feature request: Whitelist for MAC addresses

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Generic Questions
Author Message
kosmos
DD-WRT Novice


Joined: 31 Jan 2013
Posts: 12

PostPosted: Wed Feb 03, 2021 19:47    Post subject: Feature request: Whitelist for MAC addresses Reply with quote
You can block individual MAC addresses under Access Restrictions, but many newer cell phones can also generate a random MAC address so blocking a single MAC address no longer works. Here it would be desirable to be able to create a whitelist that contains all MAC addresses except the saved ones.
Sponsor
OneGuy83
DD-WRT Novice


Joined: 11 Mar 2020
Posts: 8

PostPosted: Fri Feb 05, 2021 15:18    Post subject: Reply with quote
this would be useful and a simple way for people to secure their small networks
Wildlion
DD-WRT Guru


Joined: 24 May 2016
Posts: 1010

PostPosted: Fri Feb 05, 2021 22:59    Post subject: Reply with quote
THis feature is already present. There are 2 options, allow only these MAC addresses and deny only these MAC addresses.

That is wireless,

Otherwise use iptables rules to
Code:

insmod ipt_mac
iptables -N CMACFILTER
#drop link local
iptables -A CMACFILTER -s 169.254.0.0/16 -j DROP
iptables -A CMACFILTER -m mac --mac-source (MAC_ADDRESS) -j RETURN
iptables -A CMACFILTER -j DROP
iptables -I FORWARD 1 -i `nvram get lan_ifname` -j CMACFILTER
iptables -I INPUT 1 -i `nvram get lan_ifname` -j CMACFILTER
kosmos
DD-WRT Novice


Joined: 31 Jan 2013
Posts: 12

PostPosted: Fri Feb 05, 2021 23:37    Post subject: Reply with quote
Sorry, I searched the whole thing under Access Restriction and it was under wireless -> MAC Filter. And I thought they had removed the function Embarassed
phlegmer
DD-WRT User


Joined: 14 Oct 2006
Posts: 282
Location: Sector 001

PostPosted: Tue Feb 23, 2021 2:27    Post subject: Reply with quote
Is Access Restrictions working now?

I'm presently on build 08/02/2020 and it's very hit or miss working. I have 2 mac addresses set to stop connecting to the internet after a specific time and sometimes it works but most of the time it does not.

I have also added the Firewall rule stated in the thread.

Thanks
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 2408

PostPosted: Tue Feb 23, 2021 4:26    Post subject: Reply with quote
Hey, I know that breakfast bagel! I do not use access restrictions, but read somewhere if a rule passes

over midnight (possibly noon as well) then split into two rules. Also see established connections and SFE.

Use dd-wrt forum search and be sure to select "search for all terms" and maybe display results as posts.

Try "access restrictions SFE" or "access restrictions midnight" and so on.

Then you will see what I am talking about (Willis).
phlegmer
DD-WRT User


Joined: 14 Oct 2006
Posts: 282
Location: Sector 001

PostPosted: Tue Feb 23, 2021 5:02    Post subject: Reply with quote
Ha, didn't know that bagel was so popular. Smile

Yeah, I already have rule split up to deny internet access from 20:05 - 23:59

Then another rule with the same deny MAC list from 00:01 - 05:00

Just a quick look around as you suggested looks like the culprit is the Shortcut Forwarding Engine. Disabling should clear it up but at a price of worse throughput from the looks of it.
bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1543
Location: WCentral Indiana USA

PostPosted: Tue Feb 23, 2021 13:52    Post subject: Reply with quote
phlegmer wrote:
Just a quick look around as you suggested looks like the culprit is the Shortcut Forwarding Engine. Disabling should clear it up but at a price of worse throughput from the looks of it.

There were changes made at 44760 that probably affect this:
https://svn.dd-wrt.com/changeset/44760
https://svn.dd-wrt.com/ticket/7263

_________________
STUBBY DoT install guide----Forum Guide Lines (Please read!) --- How to get help the right way----PIA Setup Guide by egc----
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 8085
Location: Texas, USA

PostPosted: Tue Feb 23, 2021 13:58    Post subject: Reply with quote
This would mean that 44772 or higher should be used for access restrictions to work properly.
_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
phlegmer
DD-WRT User


Joined: 14 Oct 2006
Posts: 282
Location: Sector 001

PostPosted: Tue Feb 23, 2021 14:34    Post subject: Reply with quote
kernel-panic69 wrote:
This would mean that 44772 or higher should be used for access restrictions to work properly.


Oh sweet! Now I finally have a motivation to update the router!

Thanks!

Update: Now it's all coming back to me. I'm on the stable 44048 build and I see that the Apple device disconnects still has not been resolved yet. <sigh> Guess I'll have to just live with non-working AR for now. Sad
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 8085
Location: Texas, USA

PostPosted: Tue Feb 23, 2021 14:57    Post subject: Reply with quote
It's only Apple iOS devices with 14.0 - 14.2. If you're running 13.7 and below or 14.3 and above, not a problem.

P.S., a new release dropped today:

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/02-23-2021-r45820/

_________________
Official Forum Rules, Guidelines & Helpful InformationFirmware FAQInstallation WikiWhere Do I Download Firmware?
DON'T use Chromium-based browsersRTFM/STFW TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum. ---------------------- Linux User #377467 counter.li.org / linuxcounter.net
phlegmer
DD-WRT User


Joined: 14 Oct 2006
Posts: 282
Location: Sector 001

PostPosted: Tue Feb 23, 2021 15:38    Post subject: Reply with quote
Oh, I see my phone is 14.4 and my iTouch is 12.5.1. So maybe it would be worth to give it a go.

Yea, I just noted that there is a new build. I'll watch the feedback and if there is no issues reported, I'll give it a try.

Thanks much!
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Generic Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum