On 19 Aug 2003, Marvin Pascual wrote: > On Tue, 2003-03-18 at 16:06, Ian C. Sison wrote: > > > > MAC addresses? or IP addresses. I don't think squid can do ACLs based on > > MAC addresses. > > Yes, it's possible. You only need to rebuild a src.rpm and enable > arp-acl on it. > > > Yes you can do that. Use the filter table and the INPUT rule. > > Yeah, it would be possible but afaik it needs to manually set IPTables > rules for each MAC addresses in the squid.conf's ACL. But I don't want > to do this because we have hundreds of users in Metro Manila area > alone. I want something that will: > > [1] DROP ALL first > [2] ACCEPT my workstation for TCP port 22 and 8080 only > [3] ACCEPT all MAC addresses that are in my squid.conf's ACL for TCP > port 8080 only
If you will be maintaining the squid ACL manually anyway, forget the squid.conf ACL, and just go with the iptables filter/input rules. And, MAC addresses are only used for ethernet media. If your hosts are over the internet, identify them via IP addresses not mac addresses. If your intended users are using dynamic IPs, then you have to enable squid proxy authentication para pag login na lang sila. > Is there any solution for this problem? > > Thanks in advance. > > Marvin > > _ > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] > > Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL > PROTECTED] > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
