LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 04-06-2011, 01:28 AM   #1
amjadask
LQ Newbie
 
Registered: Jan 2011
Posts: 25

Blocking MAC-based address in Squid


Hi all,
I need to block a MAC address in my network, so I followed the ACLs below, but I am getting the output that follows.
I tried this in /etc/squid/squid.conf:
acl block arp aa:aa:yy:yy:xx:xx
http_access deny block
but it gives me an error like this (this is the output of # squid -k parse):
aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx
squid Cache (Version 2.5.STABLE6): Terminated abnormally.
Can anyone tell me the correct syntax?

Last edited by amjadask; 04-06-2011 at 01:30 AM.
 
Old 04-06-2011, 05:10 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

See the following link and be sure to read the comments below it: http://www.cyberciti.biz/faq/howto-l...ess-filtering/

According to the above discussion, this only works with Squid 3.0 AND it must be enabled at compile time. It may be far easier to perform this function in either IPtables or directly in your switches/routers. Note, however, that MAC addresses are easily spoofed and it is also easy to identify ones that are already associated with wireless networks, if you have one. Consequently, your MAC filter may not be as effective as you hope. A slightly better approach than blacklisting (blocking) a MAC is to whitelist (allow) only the ones that you want. While still not perfect, it would add some difficulty to getting around your block.
 
Old 04-06-2011, 08:13 AM   #3
amjadask
LQ Newbie
 
Registered: Jan 2011
Posts: 25

Original Poster
I have gone through it, but I am still getting the same error.
In a blog I came to know that the arp ACL must be enabled before compiling Squid;
it says to rebuild Squid, so can I get any other procedure, without recompiling Squid, for blocking a MAC address?
Can you tell me the procedure with iptables?


Thanks

Last edited by amjadask; 04-06-2011 at 08:16 AM.
 
Old 04-06-2011, 09:05 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

This is pretty easy. From a different page on the same website:
Quote:
The Iptables command to block MAC:00:0F:EA:91:04:08 is -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
Here is a link. It also discusses how to white list your desired MAC address and drop the others as well as discussing MAC address spoofing.
 
Old 04-07-2011, 01:06 AM   #5
amjadask
LQ Newbie
 
Registered: Jan 2011
Posts: 25

Original Poster
Hello sir,
I have gone with iptables and I wrote the rule, but the system with the MAC address that I have dropped can still access the net and is able to browse; writing the rule is of no use. Will you suggest the correct answer? I think I have to give the source and destination; how is that possible, and how do I write the rule for it?
My syntax is as follows:
iptables -A INPUT -m mac --mac-source 00:0f:ea:91:04:08 -j DROP

Last edited by amjadask; 04-07-2011 at 01:37 AM.
 
Old 04-07-2011, 05:19 AM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

My apologies, but I didn't re-read the thread thoroughly enough when I responded with the last Iptables suggestion to note that you wanted to block outbound traffic. The short answer is to add this rule to the OUTPUT chain rather than the INPUT chain in the rule. The long form answer is that this is an example of why it is important for YOU to understand the commands and functions that you are running on your system. I should warn you, again, that bypassing this type of filter is as easy as putting a switch in between the network connection and the PC. Therefore, I would highly recommend the following pieces of information to you:

First, here, is a link to a really good iptables tutorial. Iptables' syntax looks cryptic, but it makes sense once you "get it".

Second, here, is a link to a tutorial on content filtering using iptables. It may have some relevancy to what you are after.
 
Old 04-07-2011, 07:17 AM   #7
amjadask
LQ Newbie
 
Registered: Jan 2011
Posts: 25

Original Poster
Hi sir,
Yeah sir, I understand that dropping a MAC address with iptables is not as secure as writing rules in the switch, but in my situation I need to drop it in the proxy only, not in a switch. I have gone through your link and replaced INPUT with OUTPUT for outbound, but it is throwing an error when I write the rule; it says the following:
iptables: unknown error 4294967295
Thanks for giving me the continuous response.
Thanks, sir
 
Old 04-07-2011, 10:45 AM   #8
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

I personally haven't seen that error before. I recommend that you Google "iptables unknown error 4294967295" which will give you a lot of hits with different solutions. I wish I could point you at one of them and say, 'this is the answer' but I don't know which if any of them are. The solutions seem to range from being a permissions problem to needing to increase some limit parameters.
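A defender-side script that puts the iptables approach discussed in posts #4 to #7 together, added here as an editor's example rather than code from the thread or from the linked site: it validates the MAC first, places the rule in the INPUT chain on the proxy host scoped to the proxy port (the iptables mac match is only defined for packets entering PREROUTING, INPUT or FORWARD), and also offers the allow-list variant suggested in post #2. It assumes Squid listening on TCP 3128 and clients on the proxy's own Ethernet segment.

```shell
#!/bin/sh
# Added example, not from the thread: MAC-based access control for the Squid
# listener on the proxy host itself, done in iptables rather than in squid.conf.
# Assumptions: Squid listens on TCP 3128 (its default), the clients sit on the
# same Ethernet segment as the proxy (a routed client arrives with the router's
# MAC, so the match cannot see the client's), and IPT names the iptables binary;
# set IPT=echo to preview the rules instead of loading them.
IPT="${IPT:-iptables}"
PROXY_PORT="${PROXY_PORT:-3128}"

# A MAC is six colon-separated hex pairs. Placeholders such as aa:aa:yy:yy:xx:xx
# are rejected here instead of producing an opaque iptables error.
validate_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Deny-list: drop one MAC's connections to the proxy port. The mac match is only
# defined for packets entering PREROUTING, INPUT or FORWARD, so on the proxy host
# the rule goes in INPUT. A LOG rule precedes the DROP so blocked attempts are
# visible in the kernel log.
block_mac() {
    validate_mac "$1" || { echo "rejected, not a MAC address: $1" >&2; return 1; }
    "$IPT" -A INPUT -p tcp --dport "$PROXY_PORT" -m mac --mac-source "$1" \
        -j LOG --log-prefix "squid-mac-deny: " &&
    "$IPT" -A INPUT -p tcp --dport "$PROXY_PORT" -m mac --mac-source "$1" -j DROP
}

# Allow-list: accept only the listed MACs on the proxy port and drop everyone
# else, the stricter variant suggested in the thread. A cloned MAC still passes,
# so treat this as a convenience control, not as authentication.
allow_only_macs() {
    for mac in "$@"; do
        validate_mac "$mac" || { echo "rejected, not a MAC address: $mac" >&2; return 1; }
        "$IPT" -A INPUT -p tcp --dport "$PROXY_PORT" -m mac --mac-source "$mac" -j ACCEPT
    done
    "$IPT" -A INPUT -p tcp --dport "$PROXY_PORT" -j DROP
}
```

Run with IPT=echo to see the exact rules before loading them as root; pair the LOG prefix with a log watch so blocked clients are noticed rather than silently dropped.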
 