Facebook Twitter Instagram
    TecAdmin
    • Home
    • Ubuntu 20.04
      • Upgrade Ubuntu
      • Install Java
      • Install Node.js
      • Install Docker
      • Install LAMP Stack
    • Tutorials
      • AWS
      • Shell Scripting
      • Docker
      • Git
      • MongoDB
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    Home»Network Services»Proxy»Configure Squid Proxy Server Mac Address Based Filtering

    Configure Squid Proxy Server Mac Address Based Filtering

    RahulBy RahulJuly 5, 20133 Mins ReadUpdated:June 4, 2019

    MAC-based filtering is useful for networks using DHCP to assign IP addresses to systems. As we know MAC is hard coded on NIC and can’t be changed but IP addresses assigned by DHCP may change on next IP assignment. This tutorial will help you to how to Configure Squid Proxy Server Mac Address Based Filtering.

    If you do not have Squid installed, Go to below link for installing squid on CentOS/RHEL/Fedora systems.

    Install and Configure SQUID Proxy Server on CentOS/RHEL Linux

    ACL rules are need to add in squid configuration file /etc/squid/squid.conf. Remember that squid Squid always applied first matching rules from top to down order and ignore other after matching any rule

    1. Block All Sites For Single MAC Address

    Following configuration will block all the sites to the system having MAC address 01:23:45:AB:CD:EF.

    Squid ACL Rule:

    acl pcmac1 arp 01:23:45:AB:CD:EF
    http_access deny pcmac1
    

    2. Block Single Site for Single MAC Address

    Following configuration will block www.example.com site to the system having MAC address 01:23:45:AB:CD:EF.

    Squid ACL Rule:

    acl blocksite1 dstdomain www.example.com
    acl pcmac1 arp 01:23:45:AB:CD:EF
    http_access deny blocksite1 pcmac1
    

    3. Block All Sites for Multiple MAC Addresses

    Following configuration will block all the sites to systems having MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.

    MAC Addresses List

    cat /etc/squid/mac-addrs.lst
    
    01:23:45:AB:CD:EF
    AB:CD:EF:01:23:45
    

    Squid ACL Rule:

    acl pcmacs arp "/etc/squid/mac-addrs.lst"
    http_access deny pcmacs
    

    4. Block Single Site for Multiple MAC Addresses

    Following configuration will block www.example.com to systems having MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.

    MAC Addresses List

    cat /etc/squid/mac-addrs.lst
    
    01:23:45:AB:CD:EF
    AB:CD:EF:01:23:45
    

    Squid ACL Rule:

    acl blocksite1 dstdomain www.example.com
    acl pcmacs arp "/etc/squid/mac-addrs.lst"
    http_access deny blocksite1 pcmacs
    

    5. Allow Specific Site for Single MAC Address

    Following configuration will allow www.example.com to system having MAC address 01:23:45:AB:CD:EF and deny other sites.
    Squid ACL Rule:

    acl pcmac1 arp 01:23:45:AB:CD:EF
    acl allowsite1 dstdomain www.example.in
    http_access allow allowsite1 pcmac1
    http_access deny pcmac1
    

    6. Allow Multiple Sites for Single MAC Address

    Following configuration will allow all sites added in /etc/squid/allowsites.lst to a system having MAC address 01:23:45:AB:CD:EF and deny other sites.

    Allowed Sites List

    cat /etc/squid/allowsites.lst
    
    www.google.co.in
    yahoo.com
    in.yahoo.com
    

    Squid ACL Rule:

    acl pcmac1 arp 01:23:45:AB:CD:EF
    acl allowsite1 dstdomain "/etc/squid/allowsites.lst"
    http_access allow allowsite1 pcmac1
    http_access deny pcmac1
    

    7. Allow Specific Site for Multiple MAC Addresses

    Following configuration will allow www.example.com to systems having MAC address 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45 and deny other sites.

    MAC Addresses List

    cat /etc/squid/mac-addrs.lst
    
    01:23:45:AB:CD:EF
    AB:CD:EF:01:23:45
    

    Squid ACL Rule:

    acl blocksite1 dstdomain www.example.com
    acl pcmacs arp "/etc/squid/mac-addrs.lst"
    http_access allow blocksite1 pcmacs
    http_access deny pcmacs
    

    8. Allow Multiple Sites for Multiple MAC Addresses

    Following configuration will allow all the sites listed in /etc/squid/allowsites.lst to all systems having MAC address listed in /etc/squid/mac-addrs.lst and deny other sites.

    MAC Addresses List

    cat /etc/squid/mac-addrs.lst
    
    01:23:45:AB:CD:EF
    AB:CD:EF:01:23:45
    

    Allowed Sites List

    cat /etc/squid/allowsites.lst
    
    www.google.co.in
    yahoo.com
    in.yahoo.com
    

    Squid ACL Rule:

    acl pcmacs arp "/etc/squid/mac-addrs.lst"
    acl allowsites dstdomain "/etc/squid/allowsites.lst"
    http_access allow allowsites pcmacs
    http_access deny pcmacs
    
    mac mac filtering proxy squid squid as mac filter
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp
    Previous ArticleHow to Install Squid Proxy Server on CentOS/RHEL 7/6 & Fedora 30/29/28
    Next Article How to Debug a Shell Script?

    Related Posts

    How to Setup Squid Proxy Server on Ubuntu and Debian

    Updated:June 17, 20225 Mins Read

    How to Use Curl Command with Proxy on Linux

    Updated:October 10, 20191 Min Read

    How to Install GIMP on MacOS

    Updated:September 13, 20192 Mins Read

    How to Setup Squid Proxy Server on Ubuntu 18.04 & 16.04

    Updated:June 16, 20223 Mins Read

    How to install and configure Squid Proxy on Debian 8

    Updated:December 21, 20183 Mins Read

    How to Setup Reverse Proxy on IIS with URL-Rewrite

    Updated:July 3, 20182 Mins Read

    6 Comments

    1. walter on December 17, 2019 12:46 am

      iptables=/sbin/iptables-legacy

      acertablet=”01:db:c9:db:00:00″

      $iptables -A FORWARD -m mac –mac-source $acertablet -j DROP

      Reply
    2. Mozaad on September 11, 2017 5:45 pm

      I followed this tutorial it work like a charm to block all http websites based on mac address. but as one user said it bypass all the https traffic. i found this tutorial to block https traffic in squid: http://broexperts.com/block-facebook-twitter-and-youtubes-https-traffic-in-squid-transparent-mode/

      Reply
    3. Muhammad Tahir Minhas on July 12, 2017 6:10 am

      mac based filter can be bypassed using https in the address bar. . is thier any fix on this??

      Reply
    4. joe on August 21, 2014 1:24 pm

      mac based filter can be bypassed using https in the address bar. . is thier any fix on this??

      thanks in advance!

      Reply
    5. Mustafa on January 18, 2014 1:08 pm

      Ok this is great ! just what I needed, but I want one more thing. The list of MAC address need to be stored in a MySql DB. Is there any out of the box solution for this ?

      Thanks in advance

      Reply
    6. Luma Ndikum on January 11, 2014 1:03 am

      #MAC-ADDRESS FILTERING WITH SQUID PROXY SERVER FOR KNOWN MAC ADDRESSES
      #MY WIN XP COMPUTER HAS ACCESS TO INTERNET BUT THE REST OF THE NETWORK DOESNOT
      acl all src 0.0.0.0/0.0.0.0
      acl pcmac1 arp 08:00:27:E4:FD:6A
      http_access allow pcmac1
      http_access deny all

      Reply

    Leave A Reply Cancel Reply

    Recent Posts
    • How To Install Docker on Ubuntu 22.04
    • How to Install Bower on Ubuntu 22.04 & 20.04
    • How to run “npm start” through Docker
    • Filesystem Hierarchy Structure (FHS) in Linux
    • How to accept user input in Python
    Facebook Twitter Instagram Pinterest
    © 2022 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.