Chase, Brian E. wrote:
The way to do this is with ACLs (Access Control Lists). IPtables can perform this function, or an Internet gateway router can also be used. The ISR 4000 Series Cisco router family is where I would start, especially if you're in need of a blade server in the same chassis.
-----Original Message-----
From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Nicolas Kovacs
Sent: Monday, September 18, 2017 1:04 PM
To: Centos Mailing List
Subject: [CentOS] Block internet access for some users on the LAN ?
Hi,
In our local school we have two servers and roughly 80 clients. The network is 192.168.10.0/255.255.255.0, and DHCP+DNS is managed by Dnsmasq.
School PCs (teachers and management) are registered via MAC address and get an IP address in a specific range:
<snip>
If a client (like a student's laptop, tablet or smartphone) is not registered, it gets an IP address in the range between 192.168.10.100 and 192.168.10.200.
Up until recently I've been using a combination of Squid and Squidguard to filter Internet access.
This year the school's director wants to completely block Internet access for all the students' personal devices.
<snip>
If nixspam doesn't gag me again - tried to respond yesterday.
Put anyone whose MAC address isn't registered on a different subnet, like 192.168.11.x, and give your router no route to 9.0.9.9, only to the internal.
As a response to someone else's comments, the set of kids who know how they're being blocked is a small subset of all kids, and those who know that a MAC address can be forged are a small subset of the previous. And *then* they'd have to find out a valid MAC address.
On top of that, it would seem to me that the ones for whom you have a registered MAC address are either hardwired, and so on, permanently, or the teachers and staff are in before the students, mostly, and so when a student tries to spoof the MAC, they get refused, since the real system already has the IP address.
mark
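
The iptables approach mentioned in the thread, as an added example that is not part of the original messages: a dry-run script that generates rules refusing Internet forwarding for the unregistered DHCP pool (192.168.10.100 to 192.168.10.200). It assumes the gateway is the Linux box itself, that its Internet-facing interface is `eth0`, and that Squid runs on the same box on its default port 3128; the `STUDENT-BLOCK:` log prefix and the `build_rules` helper are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry-run by default: prints the rules.
# Value taken from the thread: the unregistered DHCP pool.
POOL="192.168.10.100-192.168.10.200"
# Assumptions: Internet-facing interface name, and Squid on this same box
# listening on its default port 3128.
WAN_IF="${WAN_IF:-eth0}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Print the iptables commands, one per line, for pool $1, WAN interface $2
# and local proxy port $3. Rules are inserted at fixed positions so they
# take effect before any existing ACCEPT rule in the chain.
build_rules() {
    pool="$1"; wan="$2"; port="$3"
    match="-m iprange --src-range $pool"
    # 1. Rate-limited log line so blocked attempts show up in the kernel log.
    echo "iptables -I FORWARD 1 -o $wan $match -m limit --limit 6/min -j LOG --log-prefix STUDENT-BLOCK:"
    # 2. Refuse to route the pool out to the Internet; LAN traffic is untouched.
    echo "iptables -I FORWARD 2 -o $wan $match -j REJECT --reject-with icmp-admin-prohibited"
    # 3. Traffic to a proxy on the gateway itself hits INPUT, not FORWARD,
    #    so the pool must be refused there too or the proxy stays reachable.
    echo "iptables -I INPUT 1 -p tcp --dport $port $match -j REJECT --reject-with tcp-reset"
}

# APPLY=1 runs the rules (needs root); anything else only prints them.
if [ "${APPLY:-0}" = "1" ]; then
    build_rules "$POOL" "$WAN_IF" "$SQUID_PORT" | sh -e
else
    build_rules "$POOL" "$WAN_IF" "$SQUID_PORT"
fi
```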