Preventing some Android tablets from accessing the Internet

I would like to set up some Android tablets as HA control panels that have unrestricted access to the LAN, but are not able to access the Internet at all. I use Unifi for wireless access points and pfSense for the firewall. Is the most effective solution still to configure them with static IP addresses and then use firewall rules to drop traffic from them that attempts to leave the network, or has a better system come along that I should implement instead that takes better advantage of pfSense or Unifi?

I’d say that is the way to go. Or you could create another VLAN and put all your devices that don’t need access to the internet on it.


I often use MAC addresses for block/allow rules… that way I can move them between VLANs, use the DHCP etc.

How do you configure rules based on MACs in pfSense? As far as I can tell it only allows you to do so based on IP address.

Correct. Once you statically assign IP addresses then you could create an alias with all those IPs to create your rule.

I use Cisco VPN routers, so I thought pfSense could handle that too.
I do have pfSense as a VM, as I’m planning to switch to pfSense when my routers go EOL in 2026.
I have to boot up my VM just to check if pfSense lacks that function, as I am relying on that feature… so that might actually become a dealbreaker for me with pfSense.

I settled on the traditional method of assigning the device a static address, and then dropping traffic from that IP that is bound for the outside world. So far it seems to be working flawlessly, except that I had to disable Android’s default random MAC feature.
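The approach the thread settles on, modelled as an added example that is not part of any post: an alias of tablet IPs, first-match rule evaluation on the LAN interface, and a DHCP static mapping keyed by MAC, which is why a randomized MAC lands outside the alias. It assumes the "static address" is a DHCP static mapping; every address, MAC and function name is constructed for illustration.

```python
import ipaddress

# All addresses and MACs below are constructed sample values, not from the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN = ipaddress.ip_network("192.168.1.0/24")
NO_INTERNET = {ipaddress.ip_address("192.168.1.50")}   # firewall alias: tablet IPs
STATIC_MAP = {"aa:bb:cc:00:00:01": "192.168.1.50"}     # DHCP static mapping, keyed by MAC
POOL_ADDRESS = "192.168.1.100"                         # lease handed to an unknown MAC

def is_local(dst):
    """True if the destination is inside a private (RFC 1918) network."""
    return any(dst in net for net in RFC1918)

# LAN-interface rules, evaluated top-down; the first match decides.
RULES = [
    ("pass",  lambda src, dst: src in NO_INTERNET and is_local(dst)),
    ("block", lambda src, dst: src in NO_INTERNET),
    ("pass",  lambda src, dst: src in LAN),            # default "allow LAN to any"
]

def evaluate(rules, src, dst):
    """Return the action of the first matching rule."""
    for action, matches in rules:
        if matches(src, dst):
            return action
    return "block"  # nothing matched: default deny

def dhcp_lease(mac):
    """Known MAC gets its static mapping; any other MAC gets a pool address."""
    return STATIC_MAP.get(mac.lower(), POOL_ADDRESS)

def can_reach(mac, dst, rules=RULES):
    """Would a device with this MAC be allowed to send traffic to dst?"""
    src = ipaddress.ip_address(dhcp_lease(mac))
    return evaluate(rules, src, ipaddress.ip_address(dst)) == "pass"

if __name__ == "__main__":
    real, randomized = "aa:bb:cc:00:00:01", "da:a1:19:00:00:99"
    print("real MAC   -> other local VLAN:", can_reach(real, "192.168.20.10"))
    print("real MAC   -> internet:        ", can_reach(real, "203.0.113.7"))
    print("random MAC -> internet:        ", can_reach(randomized, "203.0.113.7"))
    # Block rule placed below the allow-all rule never gets evaluated.
    print("misordered -> internet:        ", can_reach(real, "203.0.113.7", [RULES[2], *RULES[:2]]))
```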