Restrict admin page by MAC

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Marko Polo

Senior Member
AFAIK, stock AsusWRT doesn't provide possibility to restrict access to router Admin interface from LAN by certain MAC-address. Only by IP.
Does Merlin allow such restriction?
 

CaptainSTX

Part of the Furniture
AFAIK, stock AsusWRT doesn't provide possibility to restrict access to router Admin interface from LAN by certain MAC-address. Only by IP.
Does Merlin allow such restriction?
Curious. Why do you want to restrict access by MAC instead of IP? If it is for security it doesn't make much difference as you can spoof a MAC as easily as an IP.
 

Martineau

Part of the Furniture
AFAIK, stock AsusWRT doesn't provide possibility to restrict access to router Admin interface from LAN by certain MAC-address. Only by IP.
Does Merlin allow such restriction?
You could try the following rule:
Code:
iptables  -I  INPUT  -m  mac  --mac-source  xx:xx:xx:xx:xx:xx  -d  $(nvram get lan_ipaddr)  -p  tcp  -m  multiport  --dport 80,$(nvram get https_lanport)  -j  DROP
where xx:xx:xx:xx:xx:xx is the MAC of the device you want to block from accessing the Admin GUI.
 
Last edited:

CaptainSTX

Part of the Furniture
Not sure it is as easy. MAC is more stable, so more secure. IMHO.
I will agree that it is more secure but not for the reason you believe. There are apps you can download for free that will either let you change you IP or spoof any MAC address.

The only reason I can see that a MAC is more secure than IP is in a /24 subnet you have just 254 possibilities. With a MAC address a much larger pool of possibilities. This may not make any difference to anyone trying to hack into your network as they would probably only try addresses belong to a device that was or had been connected to your network.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top