Re: [squid-users] MAC + IP Combined ACL - WIll it work???

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 26 May 2009 15:37:14 +1200 (NZST)

>
>
> Dear Amos,
>
> Thanks for your quick reply... I am not talking about a single user
> actually. There will be around 150 to 200 users. If I configure the following
> (I didn't find any other way from my understanding);
>
> acl users_mac arp "/list-of-mac"
> acl users_ip ip "/list-of-ip"
> acl target_acl dstdom_regexp *.*
>
> http_access allow users_mac users_ip target_acl
> http_access deny all
>
> Here users are granted access based on a pool of IPs: user abc, who has
> MAC 00:42:4B:3C:50:4B, can take any IP address from that 100 or 150 IP list
> in "/list-of-ip" and use the internet.
>
> Rather, I want to restrict user abc with his MAC to use ONLY one IP, say
> 192.168.0.10, to access the internet. If he uses any other IP, even from the
> allowed pool, Squid should BLOCK his request.
>
> That's why I mentioned allowing based on a MAC+IP pair (if any part of
> this pair is changed, INTERNET IS BLOCKED).
>
> Please advise me, if possible, how I can build up the ACL.
>

In which case...

To do it the hard way with Squid, you will need an external_acl_type
helper which takes the IP address and locates the MAC address then checks
they are a match to your list.

Patches for 3.HEAD to send the MAC from squid to the external helper are
welcome.

Amos
Received on Tue May 26 2009 - 03:37:24 MDT
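
A sketch of the kind of external_acl_type helper described in the reply above, as an added example that is not part of the original post or Squid's own code. It assumes a Linux host whose ARP table is readable at /proc/net/arp; the helper path, pair-file path, ACL names and sample pair data are hypothetical.

```python
# Added example: Squid external ACL helper. Answers OK only when the client IP
# and the MAC the Linux ARP table shows for it form a listed pair.
# Assumed squid.conf wiring (helper path and ACL names are hypothetical):
#   external_acl_type mac_ip_pair ttl=60 %SRC /usr/local/bin/mac_ip_check.py
#   acl paired external mac_ip_pair
#   http_access allow paired
import sys

PAIRS_FILE = "/etc/squid/mac_ip_pairs"  # assumed path; one "IP MAC" per line
ARP_TABLE = "/proc/net/arp"             # Linux kernel neighbour table
# Constructed sample data, used only for offline testing.
SAMPLE_PAIRS = ["192.168.0.10 00:42:4B:3C:50:4B  # user abc",
                "192.168.0.11 00-42-4B-3C-50-4C"]
SAMPLE_ARP = [
    "IP address    HW type  Flags  HW address         Mask  Device",
    "192.168.0.10  0x1      0x2    00:42:4b:3c:50:4b  *     eth0",
    "192.168.0.11  0x1      0x2    00:42:4b:3c:50:4b  *     eth0",
]

def norm_mac(mac):
    return mac.strip().lower().replace("-", ":")

def load_pairs(lines):
    """Parse 'IP MAC' lines into {ip: mac}; '#' starts a comment."""
    pairs = {}
    for line in lines:
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            pairs[fields[0]] = norm_mac(fields[1])
    return pairs

def arp_lookup(ip, arp_lines):
    """Return the MAC the kernel has resolved for ip, or None."""
    for line in arp_lines[1:]:  # first line is the column header
        f = line.split()
        # Columns: IP, HW type, Flags, HW address; flag 0x2 = resolved entry.
        if len(f) >= 4 and f[0] == ip and int(f[2], 16) & 0x2:
            return norm_mac(f[3])
    return None

def decide(ip, pairs, arp_lines):
    expected = pairs.get(ip)
    return "OK" if expected and arp_lookup(ip, arp_lines) == expected else "ERR"

if __name__ == "__main__":
    with open(PAIRS_FILE) as fh:
        pairs = load_pairs(fh)
    for request in sys.stdin:  # Squid writes one %SRC value per line
        with open(ARP_TABLE) as fh:
            print(decide(request.strip(), pairs, fh.readlines()), flush=True)
```

The ARP lookup only sees clients on the same layer-2 segment as the Squid host; requests arriving through a router resolve to the router's MAC. A MAC address is set by the client, so the pair check constrains address use but does not authenticate the user.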
