  1. #1
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    172

    Feature request: MAC filtering/blocking

    If there isn't a way to do this now, could there be an option to allow for the filtering, or blocking, of MAC addresses?

  2. #2
    Untangle Ninja f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    Quote (originally posted by johndball):
        If there isn't a way to do this now, could there be an option to allow for the filtering, or blocking, of MAC addresses?

    Depending on your LAN configuration, you might assign a static IP Address to the MAC Address (DHCP Server) then block that IP Address external access...
    Vanguard Untangle...because nothing's worse than doing nothing!
    -------
    2, Pentium (R) Dual-Core CPU E5300 @ 2.60GHz 2599.968, 2089.96MB RAM
    And building #7 didn't kill itself!

  3. #3
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    172

    I can/have/would do this but it is far too easy for somebody to change the IP address of the computer and get around any blocks.*

    Here is the setup I have, and it works well, but I'd like to lock it down even further.

    The first layer we have is HP ProCurve switches with port filtering based on MAC addresses. If somebody plugs into a port and that MAC address is not in the allow list for that port, the port shuts down.

    Secondly, we have Windows Firewall running on the domain to block ALL traffic to and from ANY IP address that is not on the allow list. The IP addresses on the allow list are those workstations and network equipment that are authorized to be on the network.

    I'd like to add an extra layer using the Untangle Firewall. If somebody accesses the network and bypasses our servers or doesn't require the services of our servers (DHCP and DNS) but sends traffic directly to the firewall I'd like for the firewall to drop/block the traffic.

    *This isn't on domain-owned workstations (which are locked down) but on laptops or mobile hard-wired devices that somebody might bring into the facility. I'm only thinking about this now because we had a breach last night. A combination of safeguards weren't enabled due to the failure of multiple individuals and a breach occurred. Granted access, to my knowledge, wasn't obtained thanks to the switch security policies but it would be nice to have an additional layer on the firewall.
    Last edited by johndball; 01-03-2012 at 05:00 PM.

  4. #4
    Untangle Ninja f1assistance's Avatar
    Join Date
    Apr 2009
    Location
    Holly Springs, NC
    Posts
    1,495

    Captive Portal

  5. #5
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,348

    In Config/Networking/Advanced/PacketFilter you have the Source Mac Address option

    Attachment 4375
    The world is divided into 10 kinds of people, who know binary and those not

  6. #6
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,549

    Quote (originally posted by johndball):
        I can/have/would do this but it is far too easy for somebody to change the IP address of the computer and get around any blocks.*

    To be honest....if someone is savvy enough to do the above, they are savvy enough to run a MAC spoofing software on their PC too.

    Control them via DHCP reservation, IP address...and don't give them local admin rights to change their network settings.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,268

    That doesn't need special software. For Windows it's a property of the NIC in Device Manager, and for Linux/Mac it's an ifconfig line on the command line. MAC controls are not more secure than IP level controls. If you require this level of control of your network, please look into NAC enabled switches.

    Also, Untangle has MAC address controls, they are in the packet filter.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
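
The thread up to this point turns on how easily a client can change its IP or MAC address to slip past a per-address block. As an added example that is not part of any poster's message and not Untangle code: a defender-side audit that compares the IP/MAC pairs a gateway has actually seen against the DHCP reservations and reports every binding that deviates. It assumes the neighbour table is exported in the format printed by `ip neigh show` on Linux; the addresses, the reservation table and the function names are constructed for illustration.

```python
import re

# Constructed DHCP reservations (IP -> MAC); every address here is made up.
RESERVATIONS = {
    "192.168.1.10": "00:11:22:33:44:55",
    "192.168.1.11": "00:11:22:33:44:66",
    "192.168.1.12": "00:11:22:33:44:77",
}

# Constructed sample in the format printed by `ip neigh show` (assumption).
SAMPLE_NEIGH = """\
192.168.1.10 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.11 dev eth1 lladdr 00:11:22:33:44:77 STALE
192.168.1.12 dev eth1 lladdr 00:11:22:33:44:77 REACHABLE
192.168.1.50 dev eth1 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.60 dev eth1 lladdr DE:AD:BE:EF:00:01 DELAY
192.168.1.70 dev eth1  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+(?P<state>\S+)"
)

def parse_neighbors(text):
    """Yield (ip, mac) for entries that carry a resolved link-layer address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m.group("state") not in ("FAILED", "INCOMPLETE"):
            yield m.group("ip"), m.group("mac").lower()

def audit(neigh_text, reservations):
    """Return sorted (ip, mac, finding) tuples for bindings that break a reservation."""
    by_mac = {mac.lower(): ip for ip, mac in reservations.items()}
    findings = []
    for ip, mac in parse_neighbors(neigh_text):
        reserved_mac = reservations.get(ip, "").lower()
        if reserved_mac == mac:
            continue  # observed binding matches its reservation
        if reserved_mac:
            findings.append((ip, mac, "reserved IP answered by a different MAC"))
        elif mac in by_mac:
            findings.append((ip, mac, "known MAC using an unreserved IP"))
        else:
            findings.append((ip, mac, "unknown MAC"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_NEIGH, RESERVATIONS), sep="\n")
```

A device that presents both an authorised MAC and that MAC's reserved IP passes this audit unchanged, which is why the replies point to switch port security and NAC as the controlling layer rather than address checks alone.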

  8. #8
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    172

    Quote (originally posted by dwasserman):
        In Config/Networking/Advanced/PacketFilter you have the Source Mac Address option

        Attachment 4375

    Just what I needed. Thanks!

  9. #9
    Untangle Ninja Mathiau's Avatar
    Join Date
    Feb 2008
    Location
    Costa Frickn' Rica
    Posts
    1,636

    Quote (originally posted by YeOldeStonecat):
        To be honest....if someone is savvy enough to do the above, they are savvy enough to run a MAC spoofing software on their PC too.

        Control them via DHCP reservation, IP address...and don't give them local admin rights to change their network settings.

    Bingo, you need to implement proper system level security.
    kv-2 | UT 11.0.1 | Dell R610 Server | Intel Xeon 2.8Ghz Quad Cores | 24Gb DDR3 ECC | 1 Intel QPort NIC | Integrated Broadcom QP | Dell Perc 4i | 6 x 73G 2.5 15k SAS raid 10 | 100mb/100mb | 30mb/30Mb

  10. #10
    Master Untangler johndball's Avatar
    Join Date
    Apr 2008
    Location
    Virginia
    Posts
    172

    It's already implemented. Read my second post on this thread.

    This request was for an additional layer, not primary.
