I am running pfsense (v 1.2.3) embedded as my primary router. I would like to block all traffic from unknown hosts. I have the DHCP server set to give out leases only to certain pre-defined (based on MAC Address) hosts. What I would like to prevent is someone setting up a static ip on a machine and being able to use my system.
Is it possible to prevent this, and if so, exactly how would I accomplish this? I realize they would have to be either physically connected, or have access to my wireless network, but I am trying to use the router as another level of security, plus I have some time restrictions for kids devices based on ip addresses, and I don't want them to be able to circumvent these just by assigning a static ip address.
Firewall – Block non DHCP clients from pfsense
firewallpfsense
Best Answer
You can use the static ARP in the DHCP server and only allow defined hosts to get an IP. You'll want to use 2.0 if you go the full static ARP route, there were some issues recently found there in the stable release but it works fine in 2.0.