safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance
https://safing.io
GNU General Public License v3.0

An option to allow LAN traffic based on the device's MAC address. #1560

Open AllenCyborg opened 1 month ago

AllenCyborg commented 1 month ago

What would you like to add or change?: An option to allow traffic to and from LAN devices based on their MAC addresses. I do not know about the feasibility of such an option nor the security implications. The way I see this working is PM scans MAC addresses of all LAN devices similar to network monitoring tools, then automatically temporarily whitelists the IP of the device with the MAC the user wants to let through. Maybe this would need to be run periodically to update the device's IP as it changes or when another device is connected.

If a MAC address based solution is not possible, then some other way to persist rules to specific devices that may change their assigned local IP is what I'm trying to suggest.

Why do you and others need this?: This would make it easier to talk to LAN devices that do not have a static IP and to the ones that use mDNS. Examples include Printers, IoT devices, etc.

The alternatives now are:

  1. Allow incoming traffic from a specific IP using an APP/global setting.
  2. Disable force-block incoming LAN option.
  3. Shut down PM altogether.

IMO all of these are less than ideal. Another, less ideal, way would be to have an option to allow traffic for a set amount of time with an option to immediately terminate if connection to the device is lost for a defined amount of time.
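The mechanism sketched above (scan the neighbor table, map an allow-listed MAC to its current IP, keep the derived allow rule only temporarily, re-scan to follow lease changes) as an added example. This is illustrative code, not Portmaster's own implementation; it assumes Linux `ip neigh show` output as the scan source and uses constructed sample tables. Because a MAC address is self-reported by the device and not authenticated, the neighbor table is only a hint, so the example withholds a rule whenever two MACs claim the same IP and drops a rule whose device has not been seen within the TTL.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
	"time"
)

// Neighbor is one entry of the host's neighbor (ARP/NDP) table.
type Neighbor struct {
	IP  string
	MAC string // normalized lower-case form from net.HardwareAddr.String()
}

// parseNeighbors parses Linux "ip neigh show" style lines, e.g.
// "192.168.1.23 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE".
// Entries without a link-layer address (FAILED/INCOMPLETE) are skipped.
func parseNeighbors(table string) []Neighbor {
	var out []Neighbor
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || net.ParseIP(f[0]) == nil {
			continue
		}
		for i := 1; i+1 < len(f); i++ {
			if f[i] != "lladdr" {
				continue
			}
			if mac, err := net.ParseMAC(f[i+1]); err == nil {
				out = append(out, Neighbor{IP: f[0], MAC: mac.String()})
			}
			break
		}
	}
	return out
}

// Rule is a temporary IP allow rule derived from an allow-listed MAC.
// An empty IP means the MAC is allow-listed but currently has no rule.
type Rule struct {
	IP      string
	Expires time.Time
}

// Refresh summarises what one re-scan changed.
type Refresh struct {
	Changed  []string // MACs whose IP moved (rule rewritten)
	Conflict []string // MACs whose IP is also claimed by another MAC (rule withheld)
	Expired  []string // MACs not seen within the TTL (rule dropped)
}

// Tracker maps allow-listed MACs to their current IP with a TTL.
type Tracker struct {
	ttl   time.Duration
	rules map[string]Rule // keyed by normalized MAC
}

// NewTracker validates and normalizes the MAC allow-list.
func NewTracker(macs []string, ttl time.Duration) (*Tracker, error) {
	t := &Tracker{ttl: ttl, rules: map[string]Rule{}}
	for _, m := range macs {
		hw, err := net.ParseMAC(m)
		if err != nil {
			return nil, fmt.Errorf("bad MAC %q: %w", m, err)
		}
		t.rules[hw.String()] = Rule{}
	}
	return t, nil
}

// Scan re-derives rules from a neighbor table captured at time now.
func (t *Tracker) Scan(table string, now time.Time) Refresh {
	var r Refresh
	ipOwners := map[string][]string{} // IP -> every MAC seen claiming it
	macIP := map[string]string{}      // MAC -> first IP seen for it
	for _, n := range parseNeighbors(table) {
		ipOwners[n.IP] = append(ipOwners[n.IP], n.MAC)
		if _, ok := macIP[n.MAC]; !ok {
			macIP[n.MAC] = n.IP
		}
	}
	for mac, rule := range t.rules {
		ip, seen := macIP[mac]
		switch {
		case seen && len(ipOwners[ip]) > 1:
			// Two MACs answer for one IP: attribution is ambiguous, allow nothing.
			r.Conflict = append(r.Conflict, mac)
			t.rules[mac] = Rule{}
		case seen:
			if rule.IP != "" && rule.IP != ip {
				r.Changed = append(r.Changed, mac) // device got a new lease
			}
			t.rules[mac] = Rule{IP: ip, Expires: now.Add(t.ttl)}
		case rule.IP != "" && !now.Before(rule.Expires):
			r.Expired = append(r.Expired, mac) // not seen for a full TTL
			t.rules[mac] = Rule{}
		}
	}
	sort.Strings(r.Changed)
	sort.Strings(r.Conflict)
	sort.Strings(r.Expired)
	return r
}

// AllowedIPs returns the IPs with a live (unexpired) derived rule, sorted.
func (t *Tracker) AllowedIPs(now time.Time) []string {
	var ips []string
	for _, rule := range t.rules {
		if rule.IP != "" && now.Before(rule.Expires) {
			ips = append(ips, rule.IP)
		}
	}
	sort.Strings(ips)
	return ips
}

// Constructed sample neighbor tables for the walk-through (not real hosts).
const scan1 = `192.168.1.23 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.40 dev wlan0 lladdr aa:bb:cc:dd:ee:02 STALE
192.168.1.99 dev wlan0 FAILED`

// Device ...:01 got a new lease; an unrelated device now answers for .23.
const scan2 = `192.168.1.57 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.23 dev wlan0 lladdr aa:bb:cc:dd:ee:03 REACHABLE`

// Two MACs claim .57, so no rule can be attributed to ...:01.
const scan3 = `192.168.1.57 dev wlan0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.57 dev wlan0 lladdr aa:bb:cc:dd:ee:09 REACHABLE`

func main() {
	tr, err := NewTracker([]string{"AA:BB:CC:DD:EE:01", "aa:bb:cc:dd:ee:02"}, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	for i, table := range []string{scan1, scan2, scan3} {
		at := now.Add(time.Duration(i) * 6 * time.Minute)
		r := tr.Scan(table, at)
		fmt.Printf("scan %d: allowed=%v changed=%v conflict=%v expired=%v\n",
			i+1, tr.AllowedIPs(at), r.Changed, r.Conflict, r.Expired)
	}
}
```

A real integration would replace the constant tables with the output of the platform's neighbor table and feed AllowedIPs into the firewall's temporary rule set after every scan; the TTL bounds how long a stale mapping can linger after a device leaves or its lease changes.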

github-actions[bot] commented 1 month ago

Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful info with you:

Raphty commented 1 month ago

Interesting idea, I guess just using the DHCP server to set the static IP is not what you are looking for? Are you concerned that a device will not respect the configured setting?

We are thinking about more extended network protections like port scan detection and so on. Sadly we do not see much resonance about those things in the community overall, and we need to focus our limited resources on the things that actually are in demand.

I hope you understand, and I hope you can shed some more light on the specifics of why you would need this feature.

AllenCyborg commented 1 month ago

I thought this would be a better option than a static IP cuz:

  1. I'm connected to someone else's shared router/network (with permission) and that would be an awkward conversation 😅 since I sometimes use multiple wifi dev boards during development.
  2. I sometimes connect to other networks including Android Hotspots and I don't think it's possible to assign a static IP there.
  3. I think this would be a nice feature to have.