[TriLUG] MAC-based web blocking

Brian Henning brian at strutmasters.com
Wed Sep 6 16:27:14 EDT 2006


The reason I don't want to use IP-based rules is that our problem users 
are probably resourceful enough to try resetting their IPs.

But yeah, I was already on that track; glad to have some encouraging 
suggestions. :-)

Thanks!
~B

Stephen Roller wrote:
> On Wed, 2006-09-06 at 15:37 -0400, Brian Henning wrote:
>> I need to selectively block access to web sites based on MAC address of 
>> the browsing computer.  It needs to be essentially transparent to 
>> everyone except the computers of the users with whom we have issues 
>> (fortunately $boss is not to the "$coworker has ruined it for everyone" 
>> stage, and is just saying "block $coworker's access").  In other words, 
>> I need "MAC addr xx:xx:xx:xx:xx:xx is only allowed to access this list 
>> of sites."
> 
> Squid (http://www.squid-cache.org/) can do that.
> http://www.visolve.com/squid/squid24s1/access_controls.php
> search for "MAC address" in this page.  Of course, the proxy has to be
> on the same subnet.  
> 
> It might be easier to do it based on IP address.  If you add a static
> entry to your DHCP table (Mac addr xx:xx:xx:xx:xx:xx always gets IP
> yyy.yyy.yyy.yyy).  But you don't have to if you don't want to.  Like I
> said, it can do MAC addresses just fine.
> 

-- 
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------



More information about the TriLUG mailing list