все есть в факе сквида !
10.20 Can I set up ACL's based on MAC address rather than IP?
Yes, for some operating systes. Squid calls these ``ARP ACLs'' and they are supported on Linux, Solaris, and probably BSD variants.
NOTE: Squid can only determine the MAC address for clients that are on the same subnet. If the client is on a different subnet, then Squid can not find out its MAC address.
To use ARP (MAC) access controls, you first need to compile in the optional code. Do this with the --enable-arp-acl configure option:
% ./configure --enable-arp-acl ...
% make clean
% make
If src/acl.c doesn't compile, then ARP ACLs are probably not supported on your system.
If everything compiles, then you can add some ARP ACL lines to your squid.conf:
acl M1 arp 01:02:03:04:05:06
acl M2 arp 11:12:13:14:15:16
http_access allow M1
http_access allow M2
http_access deny all
запретить подмену ip можно средстваи системы командой arp:
arp /?
Пример:
arp -s 157.55.85.212 00-aa-00-62-c6-09 ... Добавляет статическую запись.
arp -a ... Выводит ARP-таблицу.
запихать команды arp -s в батник и запихать его в автозагрузку
|