04-06-2011, 01:28 AM, #1
LQ Newbie, Registered: Jan 2011, Posts: 25
blocking mac based address in squid
Hi all,
I need to block a MAC address in my network, so I followed the ACLs below, but I am getting the output that follows.
I tried this in /etc/squid/squid.conf:
acl block arp aa:aa:yy:yy:xx:xx
http_access deny block
but it gives me an error like this (this is the output of # squid -k parse):
aclParseAclLine: Invalid ACL type 'arp'
FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx
squid Cache (Version 2.5.STABLE6): Terminated abnormally.
Can anyone tell me the correct syntax?
Last edited by amjadask; 04-06-2011 at 01:30 AM.
04-06-2011, 05:10 AM, #2
Senior Member, Registered: Jul 2007, Distribution: Gentoo, Posts: 2,125
See the following link and be sure to read the comments below: http://www.cyberciti.biz/faq/howto-l...ess-filtering/
According to the above discussion, this only works with Squid 3.0 AND it must be enabled at compile time. It may be far easier to perform this function in either iptables or directly in your switches/routers. Note, however, that MAC addresses are easily spoofed, and it is also easy to identify ones that are already associated with wireless networks, if you have one. Consequently, your MAC filter may not be as effective as you hope. A slightly better approach than blacklisting (blocking) a MAC is to whitelist (allow) only the ones that you want. While still not perfect, it would add some difficulty to getting around your block.
04-06-2011, 08:13 AM, #3
LQ Newbie (Original Poster), Registered: Jan 2011, Posts: 25
I have gone through it, but I am still getting the same error.
From a blog I came to know that the ARP ACL must be enabled before compiling Squid.
It says to rebuild Squid, so can I get any other procedure for blocking a MAC address without recompiling Squid?
Can you tell me the procedure with iptables?
Thanks
Last edited by amjadask; 04-06-2011 at 08:16 AM.
04-06-2011, 09:05 AM, #4
Senior Member, Registered: Jul 2007, Distribution: Gentoo, Posts: 2,125
This is pretty easy. From a different page on the same website:
Quote:
The Iptables command to block MAC:00:0F:EA:91:04:08 is -A INPUT -m mac --mac-source 00:0F:EA:91:04:08 -j DROP
Here is a link. It also discusses how to white list your desired MAC address and drop the others as well as discussing MAC address spoofing.
04-07-2011, 01:06 AM, #5
LQ Newbie (Original Poster), Registered: Jan 2011, Posts: 25
Hello sir,
I have gone with iptables and written the rule, but the system with the MAC address that I have dropped can still access the net and is able to browse. There is no use in writing the rule. Will you suggest the correct answer? I think I have to give source and destination; how is that possible, and how do I write the rule for it?
My syntax is as follows:
iptables -A INPUT -m mac --mac-source 00:0f:ea:91:04:08 -j DROP
Last edited by amjadask; 04-07-2011 at 01:37 AM.
04-07-2011, 05:19 AM, #6
Senior Member, Registered: Jul 2007, Distribution: Gentoo, Posts: 2,125
My apologies, but I didn't re-read the thread thoroughly enough when I responded with the last iptables suggestion to note that you wanted to block outbound traffic. The short answer is to add this rule to the OUTPUT chain rather than the INPUT chain. The long-form answer is that this is an example of why it is important for YOU to understand the commands and functions that you are running on your system. I should warn you, again, that bypassing this type of filter is as easy as putting a switch in between the network connection and the PC. Therefore, I would highly recommend the following pieces of information to you:
First, here is a link to a really good iptables tutorial. Iptables' syntax looks cryptic, but it makes sense once you "get it".
Second, here is a link to a tutorial on content filtering using iptables. It may have some relevance to what you are after.
04-07-2011, 07:17 AM, #7
LQ Newbie (Original Poster), Registered: Jan 2011, Posts: 25
Hi sir,
Yes sir, I understand that dropping a MAC address with iptables is not as secure as writing rules in the switch, but in my situation I need to drop it in the proxy only, not in the switch. I have gone through your link and replaced INPUT with OUTPUT for outbound, but it is throwing an error when I write the rule. It says the following:
iptables: unknown error 4294967295
Thanks for giving me continuous responses.
Thanks sir
04-07-2011, 10:45 AM, #8
Senior Member, Registered: Jul 2007, Distribution: Gentoo, Posts: 2,125
I personally haven't seen that error before. I recommend that you Google "iptables unknown error 4294967295", which will give you a lot of hits with different solutions. I wish I could point you at one of them and say, 'this is the answer', but I don't know which, if any, of them are. The solutions seem to range from a permissions problem to needing to increase some limit parameters.
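A worked example, added here as an editorial note and not posted by anyone in the thread, that pulls together the two approaches discussed in #2 (Squid's arp ACL, which needs compile-time support) and #4/#6 (an iptables mac match on the proxy host). Everything in it is an assumption of the example rather than something the thread states: the proxy listens on TCP 3128; the clients sit on the same Ethernet segment as the proxy (both the Squid arp ACL and the iptables mac match only see the source MAC of the frame that arrives at the host, so a client behind a router shows up with the router's MAC); and the function, variable and chain names (normalize_mac, squid_deny_rules, PROXY_MACS, the SAMPLE_SQUID_V_* strings) are made up for this script. Two facts it relies on: Squid only accepts "acl ... arp ..." when it was configured with --enable-arp-acl (2.x/3.0/3.1) or --enable-eui (3.2 and later), and "squid -v" prints the configure options so you can check a binary without rebuilding; and the iptables mac match is valid only in the PREROUTING, INPUT and FORWARD chains, so a --mac-source rule in OUTPUT is rejected by the kernel, which is one reason an OUTPUT rule like the one tried in #7 fails. On the proxy host the client's packets are arriving traffic, so INPUT is the right chain after all; the rule must be inserted (-I) ahead of any earlier ACCEPT that would match first (an appended -A rule never runs if a blanket ACCEPT precedes it, which would explain #5), and restricting it to the proxy port keeps the host reachable over SSH. The script only prints the rules; pipe its output to sh as root to apply them.

```shell
#!/bin/sh
# Added example for the thread above, not from the original posts.
# Assumptions (not stated in the thread): proxy port 3128, clients on the same
# L2 segment as the proxy, and all names below are invented for this script.

PROXY_PORT=3128

# Constructed samples of "squid -v" output, used only to show the build check.
SAMPLE_SQUID_V_31="Squid Cache: Version 3.1.10
configure options:  '--prefix=/usr' '--enable-arp-acl' '--enable-linux-netfilter'"
SAMPLE_SQUID_V_25="Squid Cache: Version 2.5.STABLE6
configure options:  --prefix=/usr --enable-linux-netfilter"

# Accept only aa:bb:cc:dd:ee:ff (any case) and print it lower-cased;
# exit status is non-zero for anything else (the pipeline ends in grep).
normalize_mac() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | grep -E '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Refuse to emit anything if any argument is not a well-formed MAC.
require_macs() {
    for m in "$@"; do
        normalize_mac "$m" >/dev/null || { echo "bad MAC address: $m" >&2; return 1; }
    done
}

# The arp ACL type exists only in builds configured with --enable-arp-acl
# (2.x/3.0/3.1) or --enable-eui (3.2+); "squid -v" lists the configure options.
# Argument: the text printed by "squid -v".
squid_has_arp_acl() {
    printf '%s\n' "$1" | grep -Eq -- '--enable-(arp-acl|eui)'
}

# squid.conf lines denying each MAC given as an argument (local subnet only).
squid_deny_rules() {
    require_macs "$@" || return 1
    for m in "$@"; do
        printf 'acl blocked_macs arp %s\n' "$(normalize_mac "$m")"
    done
    printf 'http_access deny blocked_macs\n'
}

# iptables blacklist on the proxy host. The mac match works only in
# PREROUTING, INPUT and FORWARD, so the rule goes in INPUT, inserted at the
# top (-I) so an earlier ACCEPT cannot shadow it, and limited to the proxy port.
iptables_deny_rules() {
    require_macs "$@" || return 1
    for m in "$@"; do
        printf 'iptables -I INPUT -p tcp --dport %s -m mac --mac-source %s -j DROP\n' \
            "$PROXY_PORT" "$(normalize_mac "$m")"
    done
}

# Whitelist variant from #2: a dedicated chain that accepts the listed MACs on
# the proxy port and drops every other client, hooked in at the top of INPUT.
iptables_allow_only_rules() {
    require_macs "$@" || return 1
    printf 'iptables -N PROXY_MACS\n'
    printf 'iptables -I INPUT -p tcp --dport %s -j PROXY_MACS\n' "$PROXY_PORT"
    for m in "$@"; do
        printf 'iptables -A PROXY_MACS -m mac --mac-source %s -j ACCEPT\n' "$(normalize_mac "$m")"
    done
    printf 'iptables -A PROXY_MACS -j DROP\n'
}

# Usage: sh macrules.sh squid|iptables|allow-only MAC [MAC ...]   (pipe to "sudo sh" to apply)
case "${1:-}" in
    squid)      shift; squid_deny_rules "$@" ;;
    iptables)   shift; iptables_deny_rules "$@" ;;
    allow-only) shift; iptables_allow_only_rules "$@" ;;
esac
```

Check the build first with `squid -v | grep -- --enable-`; if neither flag is present, the Squid side of this cannot work without a rebuild and the iptables rules are the only option on the proxy host. As #2 and #6 point out, none of this survives a spoofed MAC or a client that simply does not go through the proxy, so it is a convenience control, not a security boundary.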