April 25, 2009
BLOCK CLIENTS BASED ON MAC ADDRESS
End Result: A proxy server performing web-cache and blocking certain MAC addresses.
Scenario:
Proxy Server: linuxbox5 (192.168.0.15)
Proxy Server Port: 8080
Blocked MAC: 00:B0:D0:A1:68:06
Allowed MAC: 17:FF:C3:A1:68:A0
Note: MAC-based settings can only be used in the squid.conf file if Squid was compiled with the
“--enable-arp-acl” configure option. Squid does not come precompiled with this option.
Perform all steps given above under the heading “Simple Web-cache Setup with Squid”, then do the
additional steps given below.
# vi /etc/squid/squid.conf
Add the following ACL lines:
acl deny-macs arp 00:50:04:99:C4:1D
http_access deny deny-macs
acl allow-macs arp 17:FF:C3:A1:68:A0
http_access allow allow-macs
Here:
deny-macs & allow-macs: are ACL names.
arp: ACL type is ARP (MAC address). This means we have created groups of clients/PCs
based on MAC addresses. After that, we allow or deny access based on
these ACLs.
http_access deny deny-macs:
We have denied web (http_access) access to the MAC address specified in the “deny-macs”
ACL.
http_access allow allow-macs:
We have allowed web (http_access) access to the MAC address specified in the “allow-macs”
ACL.
Save and exit, then restart the squid service.
# service squid restart
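Before restarting, the ACL lines can be checked for the two mistakes that are easiest to make here: an http_access rule that names an ACL that was never defined, and a malformed MAC address. The script below is an added example, not part of the original post; the names lint_mac_acls and SAMPLE_CONF are hypothetical, the misspelled ACL name in the sample is constructed for the demonstration, and treating "all" as already defined is an assumption.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Constructed sample: the ACL lines from this post, with the allow ACL's name
# deliberately misspelled in http_access to show what the check reports.
SAMPLE_CONF = """\
acl deny-macs arp 00:50:04:99:C4:1D
http_access deny deny-macs
acl allow-macs arp 17:FF:C3:A1:68:A0
http_access allow alow-macs
"""

def lint_mac_acls(conf_text, predefined=("all",)):
    """Return (line_number, message) tuples for problems in squid.conf text.

    predefined: ACL names assumed to exist already (assumption: "all").
    """
    defined = set(predefined)
    problems = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 3:
            continue
        if fields[0] == "acl":
            name, acl_type, values = fields[1], fields[2], fields[3:]
            defined.add(name)
            if acl_type == "arp":
                for value in values:
                    # A quoted value names a file of addresses; not checked here.
                    if not value.startswith('"') and not MAC_RE.match(value):
                        problems.append((lineno, f"invalid MAC address: {value}"))
        elif fields[0] == "http_access":
            if fields[1] not in ("allow", "deny"):
                problems.append((lineno, f"unknown action: {fields[1]}"))
            # Squid resolves ACL names at parse time, so each name must
            # already be defined above the http_access line that uses it.
            for ref in fields[2:]:
                name = ref.lstrip("!")  # "!name" negates the ACL
                if name not in defined:
                    problems.append((lineno, f"undefined ACL: {name}"))
    return problems

if __name__ == "__main__":
    for lineno, message in lint_mac_acls(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```

Squid's own syntax check of the installed configuration is available with `squid -k parse`.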