An enabler is a firewall rule that supersedes adam:ONE DTTS functionality (this applies only to pfSense platform). Here’s one way you can address it that requires a little planning and onboarding per-device, which you need to do anyway in order to assign them a specific policy:
- segment your subnet to DHCP range and DHCP RESERVATION (Static DHCP) range in half
- for example, 10.10.10.30-127 can be for non-reserved DHCP offers, 10.10.10.128-254 for reservations
- create your enabler rules for 10.10.10.128/25 subnet only and the non-reserved IPs will not have the enabler rules applied to them
Other clients take it a step further and simply deny IP addresses to any non-reserved MAC address, but then the onboarding is a little more difficult b/c you can’t get the newcomer’s via mytools.management/whoami (or by looking at DHCP lease table, or by looking at your holding tank, etc).