MAC-based filtering is useful on networks that use DHCP to assign IP addresses to systems. As we know, the MAC address is hard-coded on the NIC and can't be changed, but an IP address assigned by DHCP may change on the next assignment. This tutorial will help you configure MAC-address-based filtering on a Squid proxy server.


If you do not have Squid installed, go to the link below to install Squid on CentOS/RHEL/Fedora systems.

Install and Configure SQUID Proxy Server on CentOS/RHEL Linux

ACL rules need to be added to the Squid configuration file /etc/squid/squid.conf. Remember that Squid always applies the first matching rule, reading from top to bottom, and ignores the rules after it.

1. Block All Sites For Single MAC Address

The following configuration blocks all sites for the system with MAC address 01:23:45:AB:CD:EF.

Squid ACL Rule:

acl pcmac1 arp 01:23:45:AB:CD:EF
http_access deny pcmac1

2. Block Single Site for Single MAC Address

The following configuration blocks www.example.com for the system with MAC address 01:23:45:AB:CD:EF.

Squid ACL Rule:

acl blocksite1 dstdomain www.example.com
acl pcmac1 arp 01:23:45:AB:CD:EF
http_access deny blocksite1 pcmac1

3. Block All Sites for Multiple MAC Addresses

The following configuration blocks all sites for the systems with MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Squid ACL Rule:

acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access deny pcmacs

4. Block Single Site for Multiple MAC Addresses

The following configuration blocks www.example.com for the systems with MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Squid ACL Rule:

acl blocksite1 dstdomain www.example.com
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access deny blocksite1 pcmacs

5. Allow Specific Site for Single MAC Address

The following configuration allows www.example.com for the system with MAC address 01:23:45:AB:CD:EF and denies other sites.

Squid ACL Rule:

acl pcmac1 arp 01:23:45:AB:CD:EF
acl allowsite1 dstdomain www.example.com
http_access allow allowsite1 pcmac1
http_access deny pcmac1

6. Allow Multiple Sites for Single MAC Address

The following configuration allows all sites listed in /etc/squid/allowsites.lst for the system with MAC address 01:23:45:AB:CD:EF and denies other sites.

Allowed Sites List

cat /etc/squid/allowsites.lst

www.google.co.in
yahoo.com
in.yahoo.com

Squid ACL Rule:

acl pcmac1 arp 01:23:45:AB:CD:EF
acl allowsite1 dstdomain "/etc/squid/allowsites.lst"
http_access allow allowsite1 pcmac1
http_access deny pcmac1

7. Allow Specific Site for Multiple MAC Addresses

The following configuration allows www.example.com for the systems with MAC addresses 01:23:45:AB:CD:EF and AB:CD:EF:01:23:45 and denies other sites.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Squid ACL Rule:

acl allowsite1 dstdomain www.example.com
acl pcmacs arp "/etc/squid/mac-addrs.lst"
http_access allow allowsite1 pcmacs
http_access deny pcmacs

8. Allow Multiple Sites for Multiple MAC Addresses

The following configuration allows all the sites listed in /etc/squid/allowsites.lst for all systems whose MAC addresses are listed in /etc/squid/mac-addrs.lst and denies other sites.

MAC Addresses List

cat /etc/squid/mac-addrs.lst

01:23:45:AB:CD:EF
AB:CD:EF:01:23:45

Allowed Sites List

cat /etc/squid/allowsites.lst

www.google.co.in
yahoo.com
in.yahoo.com

Squid ACL Rule:

acl pcmacs arp "/etc/squid/mac-addrs.lst"
acl allowsites dstdomain "/etc/squid/allowsites.lst"
http_access allow allowsites pcmacs
http_access deny pcmacs
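
How the rule order from section 8 plays out, as an added example that is not part of the original tutorial: a simplified Python model of Squid's http_access evaluation (ACLs on one line are ANDed, the first matching line decides, and with no match the default is the opposite of the last line). The client MAC 00:11:22:33:44:55 and the SWAPPED rule order are constructed for illustration.

```python
# Added illustration: a simplified model of how Squid evaluates http_access lines.
# Only the arp and dstdomain ACL types used on this page are modelled.

def dstdomain_match(pattern, host):
    # ".example.com" matches the domain and its subdomains; "example.com" is exact.
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def acl_match(acl, request):
    kind, values = acl
    if kind == "arp":
        return request["mac"].upper() in {v.upper() for v in values}
    if kind == "dstdomain":
        return any(dstdomain_match(v, request["host"]) for v in values)
    raise ValueError("unsupported ACL type: " + kind)

def http_access(rules, acls, request):
    # ACLs on one line are ANDed; the first line that matches decides.
    for action, names in rules:
        if all(acl_match(acls[n], request) for n in names):
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# ACLs and lists from section 8 of this page.
ACLS = {
    "pcmacs": ("arp", ["01:23:45:AB:CD:EF", "AB:CD:EF:01:23:45"]),
    "allowsites": ("dstdomain", ["www.google.co.in", "yahoo.com", "in.yahoo.com"]),
}
SECTION_8 = [("allow", ["allowsites", "pcmacs"]), ("deny", ["pcmacs"])]
SWAPPED = list(reversed(SECTION_8))  # constructed: same lines, wrong order

def req(mac, host):
    return {"mac": mac, "host": host}

if __name__ == "__main__":
    listed, other = "01:23:45:ab:cd:ef", "00:11:22:33:44:55"  # constructed clients
    for name, rules in (("section 8", SECTION_8), ("swapped", SWAPPED)):
        for mac, host in ((listed, "yahoo.com"), (listed, "mail.yahoo.com"),
                          (listed, "www.example.com"), (other, "www.example.com")):
            print(name, mac, host, "->", http_access(rules, ACLS, req(mac, host)))
```

With the section 8 rules alone, a MAC address that is not in the list matches neither line, so the http_access lines that follow in squid.conf decide the result for that client.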

6 Comments

  1. iptables=/sbin/iptables-legacy

    acertablet="01:db:c9:db:00:00"

    $iptables -A FORWARD -m mac --mac-source $acertablet -j DROP

  2. Muhammad Tahir Minhas on

    MAC-based filter can be bypassed using https in the address bar. Is there any fix for this?

  3. OK, this is great! Just what I needed, but I want one more thing. The list of MAC addresses needs to be stored in a MySQL DB. Is there any out-of-the-box solution for this?

    Thanks in advance

  4. #MAC-ADDRESS FILTERING WITH SQUID PROXY SERVER FOR KNOWN MAC ADDRESSES
    #MY WIN XP COMPUTER HAS ACCESS TO INTERNET BUT THE REST OF THE NETWORK DOES NOT
    acl all src 0.0.0.0/0.0.0.0
    acl pcmac1 arp 08:00:27:E4:FD:6A
    http_access allow pcmac1
    http_access deny all
