Alex Quaken

The main idea is to add the ability to reject connections based on MAC address patterns (masks) in cases where white/blacklists are not flexible enough for configuration.

The main goal is to block connections from clients with randomized addresses and, conversely, allow only clients with randomized addresses. Ranges are more of an additional functionality, although blocking devices from a specific vendor based on their IEEE OUI database could also be useful in some cases. Implementing filtering by mask is simpler and more preferable for most cases.

Feature Request: Support for MAC Address Filtering by Masks and Ranges Introduction Currently, my routers allow me to control wireless network access using allowlists (“White List”) and blocklists (“Black List”) based on device MAC addresses. While this works for basic cases, it becomes inconvenient in larger networks or when frequent adjustments to access settings are required. Proposed Feature I propose adding the ability to filter MAC addresses using masks and/or ranges. This would allow managing access not on a per-device basis but for entire groups of devices with similar MAC addresses. Why This Matters Ease of Management If the network contains many devices from the same manufacturer (with identical MAC address prefixes), a single rule could replace dozens of individual entries. Scalability For large or dynamic networks, this tool would simplify the management process, as working with ranges or masks is far easier than maintaining a long list of addresses. Improved Security The ability to define precise filters for groups of devices helps ensure better control over who can connect to the network. Suitable for IoT and Office Networks Devices from the same manufacturer often have similar MAC address patterns. Filtering by masks and/or ranges would make managing such devices more efficient. Management of Randomized MAC Addresses This feature would make it possible to allow or block all devices with randomized MAC addresses, or permit connections only for devices using static ones. Currently, this is nearly impossible to achieve without relying on external services. However, implementing this directly in the routers seems feasible and would not require significant technical or human resources. How It Could Work MAC Address Masks: An entry like 00:1A:2B:XX:XX:XX would cover all devices within the specified range. MAC Address Ranges: Users could specify a start and end MAC address, such as 00:1A:2B:00:00:00 – 00:1A:2B:FF:FF:FF. Interface: Add fields in the access control settings for inputting masks and/or ranges, ensuring the feature remains intuitive. Conclusion Supporting masks and/or ranges for MAC address filtering would make network management more convenient, flexible, and secure. This is especially important for modern networks where the number of connected devices continues to grow.