Maximum firewall rules and MACs on Surf SOHO?


#1

I’m considering buying a Surf SOHO to replace an ancient router in my Home Office environment. Currently I’m using MAC filtering and schedules to control internet access. I see from reading the manuals and these forums that I can continue doing that with the Surf SOHO, but I don’t see documented anywhere (1) what is the maximum number of authorized MAC addresses that can be stored (2) what is the maximum number of firewall rules that can be stored?


#2
  1. Dont know
  2. Dont know
    But, MAC address filtering is a poor way to control Internet access. Competent attackers can get around it and some operating systems let users easily change their MAC address. I think MAC filtering pre-dated WEP, WPA and WPA2. The Surf SOHO can create three SSIDs, so maybe use that to control net access.

#3

Thanks for the answer. I’m trying to control access on a per-device basis, so only 3 SSID’s won’t cut it.
My competent attackers are 10 and 12 years old, so I have a little while until they figure out how to change a MAC.


#4

I think the Surf SOHO can do what you need to do to keep the kids offline late at night.

It can not directly key off a MAC address, however with DHCP reservation you can marry an IP address to a MAC address. Then, set a Firewall rule based on source IP address that denies all outbound traffic. Then, finally, setup a schedule for that rule.

Or, if you want to see how honest the kids are, set the rule to allow access but to log. This will give you an audit trail in the event log of every time the kids went online during the time they were not supposed to. It may generate a lot of data however.


#5

Great, thanks so much for the guidance. I’ll try it when I get my Surf SOHO later this week.


#6

The Surf SOHO actually can key off a MAC address, so that extra DHCP reservation step isn’t necessary.

The firewall rules and the logging have turned out to be great tools for controlling kid’s access to the internet.