[TriLUG] MAC-based web blocking
brian at strutmasters.com
Wed Sep 6 16:27:14 EDT 2006
The reason I don't want to use IP-based rules is that our problem users
are probably resourceful enough to try resetting their IPs.
But yeah, I was already on that track; glad to have some encouraging
Stephen Roller wrote:
> On Wed, 2006-09-06 at 15:37 -0400, Brian Henning wrote:
>> I need to selectively block access to web sites based on MAC address of
>> the browsing computer. It needs to be essentially transparent to
>> everyone except the computers of the users with whom we have issues
>> (fortunately $boss is not to the "$coworker has ruined it for everyone"
>> stage, and is just saying "block $coworker's access"). In other words,
>> I need "MAC addr xx:xx:xx:xx:xx:xx is only allowed to access this list
>> of sites."
> Squid (http://www.squid-cache.org/) can do that.
> search for "MAC address" in this page. Of course, the proxy has to be
> on the same subnet.
> It might be easier to do it based on IP address. If you add a static
> entry to your DHCP table (Mac addr xx:xx:xx:xx:xx:xx always gets IP
> yyy.yyy.yyy.yyy). But you don't have to if you don't want to. Like I
> said, it can do MAC addresses just fine.
Brian A. Henning
More information about the TriLUG