0

I am setting up a Squid proxy with a MAC address ACL. I have recompiled the Squid 3.5 RPM with --enable-arp, acl. But after configuring squid.conf with the MAC address ACL, it is unable to block access for unwanted MAC addresses.

Is it possible to create an iptables rule and allow some MAC addresses to permit web access? If yes, how do I do that?


Edit: Added as follows:

acl mac arp 00:E1:34:CD:C0:22
http_access allow mac 
http_access deny all
4
  • Here is a Squid example. Do you define your ACLs like these: acl M1 arp 01:02:03:04:05:06 acl M2 arp 11:12:13:14:15:16 http_access allow M1 http_access allow M2 http_access deny all ? Commented Mar 12, 2015 at 14:21
  • 1
    Is your Squid on the same Layer 2 domain (physical network or VLAN) as the computers you are trying to block? If not, there is no way to do this, since it is a prerequisite of the arp ACL and the ARP protocol itself. Commented Mar 12, 2015 at 16:25
  • Layer 2 packet filtering can be controlled using ebtables (ebtables.netfilter.org). I am not certain you can mix higher-layer selectors (TCP port) with Layer 2 rules; you will need to research this one. Commented Mar 2, 2018 at 14:40
  • As @uawe34720 commented, the more probable problem you are dealing with is that you are seeing the MAC of the router, and not the MAC of the client. Commented May 18, 2023 at 8:58

1 Answer

0

Try this configuration in squid.conf. Just deny access from localhost and restart Squid; it may allow only the specific MAC. Also disable/remove the rule from iptables.

acl mac arp 00:E1:34:CD:C0:22

http_access deny localhost

http_access allow mac

http_access deny all
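
For the iptables part of the question, an added example (not from the original post or its answer): a shell function that prints rules using the iptables `mac` match so that only allow-listed source MACs reach the proxy port. The chain name `SQUID_MAC` and port 3128 (Squid's default) are assumptions; as the comments note, the match only sees the MAC of the last Layer 2 hop, so clients behind a router all appear with the router's MAC.

```shell
#!/bin/sh
# Added example: print iptables rules that let only allow-listed source MACs
# reach the proxy port. Rules are printed, not applied, so they can be
# reviewed before being run as root.

# is_mac STRING -> succeeds if STRING is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_mac_rules PORT MAC [MAC...]
# Validates every argument first; returns 1 and prints no rules if the
# port or any MAC is malformed, so a typo never yields a partial rule set.
build_mac_rules() {
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        is_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # SQUID_MAC is a hypothetical chain name chosen for this example.
    echo "iptables -N SQUID_MAC"
    for mac in "$@"; do
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        echo "iptables -A SQUID_MAC -m mac --mac-source $mac -j ACCEPT"
    done
    echo "iptables -A SQUID_MAC -j DROP"
    # The jump is emitted last so the chain is complete before traffic hits it.
    echo "iptables -I INPUT -p tcp --dport $port -j SQUID_MAC"
}

# 3128 is assumed as the Squid port; the MAC is the one from the question.
build_mac_rules 3128 00:E1:34:CD:C0:22
```

Loopback traffic carries no source MAC, so local connections to the proxy port would fall through to the DROP rule in this chain.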
