OpenWrt Forum Archive

Topic: DNSmasq MAC address whitelisting

The content of this topic has been archived on 25 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello everyone,

I'm trying to solve the following problem:

On my OpenWRT Chaos Calmer 15.05.1 system I run DNSmasq as DHCP server.

I'm using static DHCP leases based on MAC addresses. Because IP addresses are a little bit rare in my organisation, I want to filter all MAC addresses which are not known (=not in my list of static leases), so that they don't get an IP.

I have already read wiki.openwrt.org/doc/uci/dhcp but couldn't find an appropriate solution.

My /etc/config/dhcp looks like this:

config dnsmasq
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option cachesize '1000'

config dhcp 'lan'
        option interface 'lan'
        option start '10'
        option limit '50'
        option leasetime '24h'

config dhcp 'wan'
        option interface 'wan'
        option start '160'
        option limit '40'
        option leasetime '72h'
        # dhcp_option 'dhcp-ignore=tag:#known'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config host
        option mac '00:xx:xx:xx:xx:xx'
        option ip 'xxx.xxx.xxx.xxx'

[here follows the list of our clients]
        

The MAC filtering should only affect the DHCP pool 'wan', but not 'lan'.

I have already found the correct config option for dnsmasq on serverfault.com/questions/243547/dnsmasq-and-mac-filter

The commented line
# dhcp_option 'dhcp-ignore=tag:#known'
in the config file above didn't work.


How would I adapt this config option in UCI style?

Bump!

If your available pool of IPv4 addresses is so small that you have to filter MAC addresses, it sounds like you may want to consider IPv6 as a solution; plenty of addresses there.

The discussion might have continued from here.