The reason I don't want to use IP-based rules is that our problem users
are probably resourceful enough to try resetting their IPs.
But yeah, I was already on that track; glad to have some encouraging
suggestions. :-)
Thanks!
~B
Stephen Roller wrote:
On Wed, 2006-09-06 at 15:37 -0400, Brian Henning wrote:
I need to selectively block access to web sites based on MAC address of
the browsing computer. It needs to be essentially transparent to
everyone except the computers of the users with whom we have issues
(fortunately $boss is not to the "$coworker has ruined it for everyone"
stage, and is just saying "block $coworker's access"). In other words,
I need "MAC addr xx:xx:xx:xx:xx:xx is only allowed to access this list
of sites."
Squid (http://www.squid-cache.org/) can do that.
http://www.visolve.com/squid/squid24s1/access_controls.php
search for "MAC address" in this page. Of course, the proxy has to be
on the same subnet.
It might be easier to do it based on IP address. If you add a static
entry to your DHCP table (Mac addr xx:xx:xx:xx:xx:xx always gets IP
yyy.yyy.yyy.yyy). But you don't have to if you don't want to. Like I
said, it can do MAC addresses just fine.
--
----------------
Brian A. Henning
strutmasters.com
336.597.2397x238
----------------
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
