Ipbound
From Wiki of WFilter NG Firewall
(Difference between revisions)
Line 16: | Line 16: | ||
** "Allow All". Allow internet access for ubound IP addresses. | ** "Allow All". Allow internet access for ubound IP addresses. | ||
** "Block below IP". Local IP address belongs to the IP ranges will be blocked. | ** "Block below IP". Local IP address belongs to the IP ranges will be blocked. | ||
+ | * Static ARP: enable static ARP for listed IP-mac addresses. | ||
* For ubound MAC addresses, you can set each lan subnet to assign IP address or not. | * For ubound MAC addresses, you can set each lan subnet to assign IP address or not. | ||
** "Disable". Do not assign IP to unlisted MAC address. | ** "Disable". Do not assign IP to unlisted MAC address. |
Latest revision as of 12:16, 19 April 2023
Contents |
[edit] 1 IP-MAC Binding
This module enables you to bind an ip address to a MAC address. Please notice:
- When "ip-mac binding" is enabled, WFilter NGF DHCP server will assign static ip addresses to clients.
- WFilter NGF does not act as a DHCP server when deployed as a network bridge.
- If you have another dhcp server, for "ip-mac binding" to work properly, please modify your DHCP server to assign listed static ip addresses to clients.
- If you want to apply binding to clients connected with a three layer switch, you need to enable "MAC Detector".
[edit] 2 Settings
- For ubound IPs, you can choose to:
- "Block All". No internet access for ubound IP addresses.
- "Allow All". Allow internet access for ubound IP addresses.
- "Block below IP". Local IP address belongs to the IP ranges will be blocked.
- Static ARP: enable static ARP for listed IP-mac addresses.
- For ubound MAC addresses, you can set each lan subnet to assign IP address or not.
- "Disable". Do not assign IP to unlisted MAC address.
- "Enable". Assign IP to unlisted MAC address.
- Please note: because client will cache the assigned ip for a while, sometimes you can not obtain the new bound ip immediately. For example, in windows system, you need to run command "ipconfig /renew" to force dhcp renew.
[edit] 3 IP-MAC List
- Click the "state" icon, you can turn on/off the binding.
Please notice: even a binding is in "off" state, static ip address will still be assigned by WFilter's DHCP.
[edit] 4 Import & Remove
- Scan and Import: scan local ip & mac list for importing.
- Without "MAC Detector", only local ARP table will be scanned.
- With "MAC Detector" enabled, it also can import clients detected by "MAC Detector".
- Import List: import a pre-defined IP & mac list.
- Delete: delete ip-mac list