RE: [squid-users] MAC bacsed ACL

From: SSCR Internet Admin <admin@dont-contact.us>
Date: Wed, 19 Feb 2003 14:25:29 -0800

This will be accomplished by making a pinpoint ACL ip address in a file

Example:

acl limited src "/etc/squid/limited"

and inside limited file you can have

192.168.100.2/32
.
.
.
192.168.xxx.yyy/32

AND

ACL full_access src "/etc/squid/full"

xxx.xxx.xxx.xxx/32 and so on

That would ease your problem, and if they change ip address, they will not
have an access to the internet since you are not allowing an entire network.

Regards
Nats

-----Original Message-----
From: hare ram [mailto:hareram@sol.net.in]
Sent: Tuesday, February 18, 2003 9:55 PM
To: Henrik Nordstrom
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] MAC bacsed ACL

Hi Henrik

You were saying the MAC based ACL is no so Secure
then what methode is secure,
if i does the the IP based Access List
User can change any free IP and Start Browsing, and other PC who have the
same IP will have IP conflict or so.

what is the recomendation for the securing the access for the user to use
the same PC rather move or connect the LAN connection to another PC

suggetion will appriciate

hare
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "hare ram" <hareram@sol.net.in>
Cc: <squid-users@squid-cache.org>
Sent: Tuesday, February 18, 2003 10:06 PM
Subject: Re: [squid-users] MAC bacsed ACL

> Why are you using MAC based ACLs? MAC based acls are technically NOT
> more secure than IP based ACLs, only more complex to define as each MAC
> address is 12 hex numbers..
>
> 200 MAC addresses is not very many for Squid to manage. To ease
> management I would recommend putting them in a separate file and include
> this from squid.conf if you have not already done so.
>
> Regards
> Henrik
>
>
> tis 2003-02-18 klockan 16.45 skrev hare ram:
> > Hi all
> >
> > iam trying to make MAC based ACL, i have 200PC MAC based ACL, looks very
> > long,
> > does any one have alternative method to use this 200 MAC address ACL in
> > short
> >
> > thanks
> > hare
> --
> Henrik Nordstrom <hno@squid-cache.org>
> MARA Systems AB, Sweden
>
>

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003
Received on Tue Feb 18 2003 - 23:27:47 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:28 MST