I have a system with a wm(4) interface, and a vlan. I have wifi where one ssid goes on trunk and one goes on a specific other vlan tag, configured as vlan0. dhcpd serves one subnet to wm0 and another to vlan0.
For reasons that are not clear, I am seeing packets from hosts that should be on the vlan also appear on wm0, and I want dhcpd to ignore those. I think this may be a Unifi bug.

I dimly remember there was a facility to firewall by MAC address, but I can't find it now in ipfilter. I don't see it in npf either. But that might block it from the stack, not dhcpd, which at least used to use bpf.

In dhcpd, I can ignore by MAC address, globally. And I can 'deny' in the pool for wm0. But I need these hosts to get addrs on vlan1. If I deny in wm0, then they get NAKs for "no address in pool" and I want them to be ignored.

So: Any way to firewall by MAC addr? Any way to have dhcpd ignore by MAC on one subnet but not the other?