Hi,
I'd like to know if it is possible to enforce a squid acl to check, at the
same time, the couple IP and MAC address; I mean to verify that a requests
come from a couple ip and mac specified. Anybody had already done it?

Luca
--
Luca Ferrari,
fluca1978 [at] infinito.it
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Hi Luca

It can be done. The FAQ says so...

The access control has the "arp" keyword. According the FAQ you have to
have compiled squid with the --enable-arp-acl switch to enable this.

I think you would use it such:

acl USERARP arp arp1 arp2
acl USERSRC src src1 src2
http_access allow USERARP USERSRC

Since ACL entries are or'd and ACCESS is AND'd.

On Wed, 20 Apr 2005 10:43:53 -0600, Luca Ferrari <fluca1978 [at] infinito.it>
wrote:

> Hi,
> I'd like to know if it is possible to enforce a squid acl to check, at
> the
> same time, the couple IP and MAC address; I mean to verify that a
> requests
> come from a couple ip and mac specified. Anybody had already done it?
>
> Luca



--
| Richard Nairn Specializing in Linux
| Nairn Consulting Web / Database Solutions
| Calgary, AB
| Richard [at] NairnConsulting.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

On Wednesday 20 April 2005 21:25 Richard Nairn's cat walking on the keyboard
wrote:

> Hi Luca
>
> It can be done. The FAQ says so...
>
> The access control has the "arp" keyword. According the FAQ you have to
> have compiled squid with the --enable-arp-acl switch to enable this.
>
> I think you would use it such:
>
> acl USERARP arp arp1 arp2
> acl USERSRC src src1 src2
> http_access allow USERARP USERSRC
>
> Since ACL entries are or'd and ACCESS is AND'd.
>

I already do this, but this implies that a valid ip and mac in the two acls
can connect, while I need to check if a couple ip and mac (not any
combination of them) can connect.

Luca

--
Luca Ferrari,
fluca1978 [at] infinito.it
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

I think it's best for you to use INPUT chain for such filtering. Just
match port number for squid.

--Adrian.

Luca Ferrari wrote:

>On Wednesday 20 April 2005 21:25 Richard Nairn's cat walking on the keyboard
>wrote:
>
>
>
>>Hi Luca
>>
>>It can be done. The FAQ says so...
>>
>>The access control has the "arp" keyword. According the FAQ you have to
>>have compiled squid with the --enable-arp-acl switch to enable this.
>>
>>I think you would use it such:
>>
>>acl USERARP arp arp1 arp2
>>acl USERSRC src src1 src2
>>http_access allow USERARP USERSRC
>>
>>Since ACL entries are or'd and ACCESS is AND'd.
>>
>>
>>
>
>I already do this, but this implies that a valid ip and mac in the two acls
>can connect, while I need to check if a couple ip and mac (not any
>combination of them) can connect.
>
>Luca
>
>
>

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo [at] vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html