
Possible to block IP or MAC address from LAN?

Discussion in 'Tomato Firmware' started by BaileyMoto, Jan 23, 2010.

  1. BaileyMoto

    BaileyMoto Addicted to LI Member

    Perhaps I am missing it, or perhaps it's not possible. But currently, if a user plugs a device into the router, it assigns them an IP address and they have access to the local network with that device. Is it possible to filter/block certain IPs or MAC addresses completely from the router, thus preventing access to the local network? Given example would be an Xbox or additional PC.

    Thanks in advance.
  2. acollado

    acollado Addicted to LI Member

    You could add the following to the DNSmasq custom config box:

    dhcp-mac=blacklist,<target MAC address>

    The target MAC address could be a single address or just the first six digits of a MAC with wild cards in the rest if you want to block an entire vendor.

    DNSmasq man page found here:
  3. BaileyMoto

    BaileyMoto Addicted to LI Member

    It doesn't seem to be working. Perhaps because the router has already assigned an IP to the given MAC address? Do you know how I could release said IP and see if that is the fix?
  4. mstombs

    mstombs Network Guru Member

    Local traffic is routed by the switch or LAN bridge without being filtered by the OS. You could make each LAN port a separate VLAN (not easy with Tomato), then define rules about what each port can connect to, but fundamentally if someone has physical access to your LAN they can sniff all traffic on it and do pretty much anything; ARP, DHCP, etc. are not secure protocols. I guess this can actually make wireless safer, as all traffic can be encrypted and LAN access controlled by access points.
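
Added example, not part of the thread: because a device that is refused a DHCP lease can still set a static IP and talk on the switch, a defender can check the router's ARP table for blocklisted MACs instead of trusting the DHCP rule alone. The function name `find_blocked`, the blocklist file format (one MAC per line, `*` wildcards for a vendor prefix) and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# find_blocked ARP_FILE BLOCKLIST_FILE
# ARP_FILE uses the /proc/net/arp layout (header, then
# IP, HW type, Flags, HW address, Mask, Device).
# Prints "IP MAC DEVICE" for each resolved entry matching the blocklist.
find_blocked() {
    [ -s "$2" ] || return 0            # empty blocklist: nothing to report
    awk '
        # First file: blocklist. Drop comments and blanks, lower-case,
        # and turn each "*" octet into a two-hex-digit regex.
        NR == FNR {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 == "") next
            p = tolower($0)
            gsub(/\*/, "[0-9a-f][0-9a-f]", p)
            pat[++n] = "^" p "$"
            next
        }
        FNR == 1 { next }                    # ARP header line
        $4 == "00:00:00:00:00:00" { next }   # incomplete (unresolved) entry
        {
            mac = tolower($4)
            for (i = 1; i <= n; i++)
                if (mac ~ pat[i]) { print $1, mac, $6; break }
        }
    ' "$2" "$1"
}

# Constructed sample data (not from a real network).
tmp=${TMPDIR:-/tmp}/arpcheck.$$
mkdir -p "$tmp"
cat > "$tmp/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:1D:D8:AA:BB:CC     *        br0
192.168.1.11     0x1         0x2         a4:5e:60:01:02:03     *        br0
192.168.1.12     0x1         0x0         00:00:00:00:00:00     *        br0
192.168.1.13     0x1         0x2         00:11:22:33:44:55     *        br0
EOF
cat > "$tmp/blocked" <<'EOF'
# vendor prefix, wildcard style
00:1d:d8:*:*:*
00:11:22:33:44:55
EOF
find_blocked "$tmp/arp" "$tmp/blocked"
```

On a router the first argument would be `/proc/net/arp`. A match only shows that a listed MAC is active on the LAN; since MAC addresses can be changed, the absence of a match does not show that the device is gone.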
