Whitelisting or blacklisting MACs on ethernet physical ports

Hello! I’m trying to find a way of implementing whitelisting or blacklisting of MAC addresses that connect directly to the switch through ethernet, via cable to the router RJ45 ports. Is this possible? So far I have only seen ways of doing this on the Wi-Fi connections.

Something like https://upon2020.com/blog/2017/06/implementing-a-device-white-list-with-dnsmasq/ ?

Almost. I see the solution allows us to only provide DHCP to certain MAC addresses. I would like to completely block a MAC address from entering the LAN, even if the host has a static IP address and, therefore, does not need DHCP.

Not sure it's doable, since the LAN traffic doesn't pass any firewall ...

It should be possible with ebtables/nftables.

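
One way the ebtables/nftables suggestion above could look, as an added example that is not from any poster in this thread: a POSIX shell helper that validates a MAC allowlist and emits an nftables bridge-family ruleset dropping frames from unknown source MACs on the wired ports. The port names `lan1`/`lan2`, the table name `macfilter`, the helper names and the MAC addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build an nftables bridge-family MAC allowlist for wired ports.
# Port names, table name and MACs are constructed placeholders.

# Return 0 if $1 is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_ruleset "<ports>" < allowlist  ->  ruleset on stdout
# Allowlist: one MAC per line; blank lines and "#" comments are ignored.
# Fails (non-zero) on a malformed entry or an empty list, so a typo cannot
# silently produce a ruleset that locks out every host.
gen_ruleset() {
    ports=$1 macs="" line=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r' | tr 'A-F' 'a-f')
        [ -z "$line" ] && continue
        is_mac "$line" || { echo "bad MAC: $line" >&2; return 1; }
        macs="${macs:+$macs, }$line"
    done
    [ -n "$macs" ] || { echo "empty allowlist" >&2; return 1; }
    ifaces=$(printf '"%s", ' $ports); ifaces=${ifaces%, }
    cat <<EOF
add table bridge macfilter
delete table bridge macfilter
table bridge macfilter {
    set allowed {
        type ether_addr
        elements = { $macs }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        iifname { $ifaces } ether saddr != @allowed drop
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname { $ifaces } ether saddr != @allowed drop
    }
}
EOF
}

# Usage (as root): gen_ruleset "lan1 lan2" < allowed.txt | nft -f -
```

On routers whose LAN ports sit behind a hardware switch chip, frames between two wired hosts are forwarded in hardware and never reach these hooks, so the rules only cover traffic that reaches the CPU (to the router itself or across software-bridged interfaces). A source MAC is also set by the client, so this is an access convenience rather than authentication, which is what the 802.1X and managed-switch replies in this thread address.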

Wired IEEE 802.1X would be the real solution, which is possible with OpenWrt, but requires a rather manual setup.

Thanks, I will check both options

A properly managed switch can do allow or block lists based on MAC addresses. Not an OpenWrt solution, but a viable way to implement this if it is critical.