[TriLUG] MAC-based web blocking

jason at monsterjam.org jason at monsterjam.org
Wed Sep 6 16:39:09 EDT 2006


why cant you just filter the mac addresses  with iptables?

Jason

On Wed, Sep 06, 2006 at 04:27:14PM -0400, Brian 
Henning wrote:
> The reason I don't want to use IP-based rules is that our problem users 
> are probably resourceful enough to try resetting their IPs.
> 
> But yeah, I was already on that track; glad to have some encouraging 
> suggestions. :-)
> 
> Thanks!
> ~B
> 
> Stephen Roller wrote:
> >On Wed, 2006-09-06 at 15:37 -0400, Brian Henning wrote:
> >>I need to selectively block access to web sites based on MAC address of 
> >>the browsing computer.  It needs to be essentially transparent to 
> >>everyone except the computers of the users with whom we have issues 
> >>(fortunately $boss is not to the "$coworker has ruined it for everyone" 
> >>stage, and is just saying "block $coworker's access").  In other words, 
> >>I need "MAC addr xx:xx:xx:xx:xx:xx is only allowed to access this list 
> >>of sites."
> >
> >Squid (http://www.squid-cache.org/) can do that.
> >http://www.visolve.com/squid/squid24s1/access_controls.php
> >search for "MAC address" in this page.  Of course, the proxy has to be
> >on the same subnet.  
> >
> >It might be easier to do it based on IP address.  If you add a static
> >entry to your DHCP table (Mac addr xx:xx:xx:xx:xx:xx always gets IP
> >yyy.yyy.yyy.yyy).  But you don't have to if you don't want to.  Like I
> >said, it can do MAC addresses just fine.
> >
> 
> -- 
> ----------------
> Brian A. Henning
> strutmasters.com
> 336.597.2397x238
> ----------------
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/

-- 
================================================
|    Jason Welsh   jason at monsterjam.org        |
| http://monsterjam.org    DSS PGP: 0x5E30CC98 |
|    gpg key: http://monsterjam.org/gpg/       |
================================================




More information about the TriLUG mailing list