Mac Address AccessControl List

I been looking for a feature to add that's similar to NETGEARS access control list. I installed k-szuster luci-access-control but I need to be able to Name and Allow and/or Block Devices before they fully connect. Netgear had a option to allow people to connect to the router without internet access which also saved their mac address and IP even when disconected. Which then allowed me to name and Aloow their device to access internet.

Parental controls: Restrict access to Wi-Fi by MAC address

That only allows me to block devices already connected to the router and it doesn’t save devices that have attempted to connect or have previously connected. I basically need a standby list that I can review then name and allow/block. NETGEAR allowed people to connect with “limited” access until I Allowed their device to fully connect to the internet. Unless I’m missing something?

It is wrong to expect that OpenWrt offers exactly the same functionality.
What you can do is disable the default LAN to WAN forwarding in the firewall and create a couple of traffic rules that allow forward and input only for specific MACs.
Keep in mind that wireless traffic can be captured by anyone, so this sort of protection is unreliable against technically savvy attackers.

1 Like

I understand, "k-szuster luci-access-control" is almost what I needed only thing missing is a list of devices that have attempted to connect. The devices/users im trying to control arent very tech savvy. Just trying to limited people without blantantly not allowing them to connect. I tried the MAC filtering but that doesn't allow them to "think" they are still connected. I also don't want to just close the whole Guest Network or Constantly change passwords. I'll keep digging.

Traffic rules (at least 2, 1 match restricted acees, one full access based on ip) as @vgaetera suggested is the way to go.

Yiu can use a small dhcp pool on the guest and restrict full internet access to that pool of ip's by default, allow udp 67,68,53 on the subnet.

Convert the desired hosts to statc leases (search the MAC and name it) to unlock full access.

1 Like