DHCP server MAC-address filtering

Hi Everyone, and thanks for checking out this thread.

Pi-Hole works great and it's always a breeze to set-up. Now recently I've been trying to use the built-in DHCP server to take over control from the network that's currently managed by the ISP-provided modem/router combo.

In my situation I need to implement MAC-address filtering through whitelisting. I am not trying to whitelist a device from receiving the Pi-Holed, ad-filtered DNS responses but actually block devices from accessing the Internet entirely unless their MAC-address is added to the system.

The ISP modem "supports" this function but it is extremely buggy (rather call it non-functional) so I'm trying to use Pi-Hole to replace this. I went for PiHole as it uses dnsmasq to run the DNS server as well as the DHCP server, and as it is so easy to set up. I was planning on manually making the changes needed in /etc/dnsmasq.conf or /etc/dnsmasq.d/[config] to set it to filter MAC-addresses. I've used this source and Implementing a device white list with dnsmasq – Upon 2020. I added these arguments in /etc/dnsmasq.d/02-...[dhcp-server config file]. It is the one that is created when enabling the DHCP-server in the Pi-Hole admin panel, so that led me to believe that would be the right one to edit. However, there was a warning in there about these settings being managed by the admin panel and that any changes made would be undone, if I recall correctly.

Setting up PiHole, enabling the DHCP-server and disabling the DHCP-server on the ISP modem works as advertised. Traffic ran great when I didn't make any changes to the config files and network-wide DNS was set to the Pi-Hole as advertised.

So I'm looking for an answer on two questions:

  • Is it possible to make manual additional changes that aren't possible through the admin panel but are possible with the used modules, that won't be reverted back by Pi-Hole services?
  • Where and what changes do I have to make to implement MAC-address filtering? Do I clone the second file and add the changes to that or only have the whitelist settings in the custom config file?

Thanks in advance!

Thank you so much.

You can’t use config lines that are already defined in other configs because that will cause a conflict.
I think that would answer question #2 in a way. Don't clone, create a separate config file and have that only contain the correct filtering rules.

Now I just have to find out what the correct arguments are!
I'll try it out soon and report back what worked and what didn't, and mark this case as solved. If in the mean time someone knows what does work correctly in terms of used arguments or syntax, I'd be happy to receive that as a reply on here.

After trying a few times I got it to work! I have no idea why it didn't work the first 2 times I tried it but now it does....

In /etc/dnsmasq.d/03-custom-DHCP.conf I added the following code:

dhcp-ignore=tag:!known
dhcp-host=11:22:33:44:55:66,set:known
dhcp-host=11:22:33:44:55:66,set:known

EDIT:
Looking back I think that I broke the configuration the first few times by restarting Dnsmasq.service manually through systemctl restart.

The correct way is to run pihole restartdns after a config change.


This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
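
The allowlist posted above pairs one dhcp-ignore=tag:!known rule with a dhcp-host=<MAC>,set:known line per permitted device. The following is an added example, not code from the thread or from the Pi-hole project: it renders such a drop-in from a list of MAC addresses and audits an existing one. The function names and the sample MACs are made up for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize_mac(raw):
    """Return the MAC as lower-case, colon-separated hex, or raise ValueError."""
    mac = raw.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac

def render_allowlist(macs, tag="known"):
    """Build the drop-in text: the ignore rule, then one dhcp-host per unique MAC."""
    seen, lines = set(), [f"dhcp-ignore=tag:!{tag}"]
    for raw in macs:
        mac = normalize_mac(raw)
        if mac not in seen:  # the same device listed twice is emitted once
            seen.add(mac)
            lines.append(f"dhcp-host={mac},set:{tag}")
    return "\n".join(lines) + "\n"

def audit_allowlist(text, tag="known"):
    """Return (allowed MACs, problems) for a drop-in that holds only MAC entries."""
    allowed, problems, has_ignore = set(), [], False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        key, _, value = line.partition("=")
        if key == "dhcp-ignore" and value == f"tag:!{tag}":
            has_ignore = True
        elif key == "dhcp-host":
            fields = value.split(",")
            try:
                mac = normalize_mac(fields[0])
            except ValueError as exc:
                problems.append(f"line {n}: {exc}")
                continue
            if f"set:{tag}" not in fields[1:]:
                problems.append(f"line {n}: {mac} does not set tag {tag}")
            elif mac in allowed:
                problems.append(f"line {n}: duplicate entry for {mac}")
            else:
                allowed.add(mac)
    if not has_ignore:  # without this rule dnsmasq serves every client
        problems.append(f"missing dhcp-ignore=tag:!{tag}; no client is filtered")
    return allowed, problems

SAMPLE_MACS = ["AA-BB-CC-00-00-01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:01"]  # constructed
if __name__ == "__main__":
    print(render_allowlist(SAMPLE_MACS), end="")
```

As in the thread, the rendered text goes into its own file under /etc/dnsmasq.d/ and is loaded with pihole restartdns. The rule only decides which clients dnsmasq hands a lease to; it is not enforced by the router or a firewall.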