this post was submitted on 01 Aug 2025
        
      
      911 points (96.6% liked)
      Programmer Humor
I want per-device firewall and DNS rules for myself, the wife and the kids. With OPNsense or pfSense I don't believe this is possible with SLAAC, which is the only thing Android supports.
Shove all devices on a flat network with no special firewall rules and you are probably golden. But trying to control your own network, last few times I've tried, is impossible.
I've done this using separate networks: each device group I want to treat differently gets its own subnet/VLAN pair and I firewall the whole VLAN. No matter what IPs clients have (or even what IPs they statically set themselves) they can't get past the firewall.
To physically get them connected to the network I use something similar to this config to have one WPA2-Personal SSID that leads to multiple VLANs depending on the password. Though you could also have multiple SSIDs with one VLAN each or even WPA2-Enterprise.
The router doesn't know the IP of Android devices (though it doesn't need to), it only knows the VLANs of the clients and what network they come from. For all other clients I have DHCPv6.
DNS is on the router and can be set for each network.
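
The per-VLAN approach from the reply above, sketched as an added example that is not from the thread or from either commenter's setup. It assumes a Linux router running nftables (the thread does not say which firewall the reply uses); the interface names `wan`, `lan.10`, `lan.20`, `lan.30` and the commented-out address are constructed.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed names: wan, lan.10, lan.20, lan.30.
flush ruleset

define WAN    = "wan"
define ADULTS = "lan.10"
define KIDS   = "lan.20"
define GUESTS = "lan.30"

table inet per_vlan {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # ICMPv6 errors must pass or path MTU discovery breaks
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Weak form: keyed on a client address (constructed, documentation prefix).
        # SLAAC clients pick and rotate their own addresses, so it stops matching.
        # ip6 saddr 2001:db8:0:20::abcd oifname $WAN drop

        # Policy keyed on the ingress VLAN: holds whatever address the client uses
        iifname $ADULTS oifname $WAN accept
        iifname $KIDS oifname $WAN tcp dport { 80, 443 } accept
        iifname $GUESTS oifname $WAN tcp dport { 80, 443 } accept
        # No inter-VLAN rules: everything else falls through to policy drop,
        # including DNS/DoT (53, 853) to outside resolvers from KIDS and GUESTS
    }

    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Neighbour discovery and router solicitation keep SLAAC working
        icmpv6 type { nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert, echo-request } accept
        # Per-network DNS served by the router itself
        iifname { $ADULTS, $KIDS, $GUESTS } meta l4proto { tcp, udp } th dport 53 accept
        # DHCPv6 for clients that support it
        iifname { $ADULTS, $KIDS, $GUESTS } udp dport 547 accept
    }
}
```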