Hi everyone,
This sounds like the wrong tool for the job.
If users are crafty enough to change IP addresses they will surely get
around the MAC address badlist by
simply changing the MAC address.
The outlined article has the following disclaimer as well: "Do not use
MAC verification as your only security measure"
The impression I get here is that Shorewall is being used to solve a
more pressing security issue, such as why his 200 users are allowed
to change settings on their computer.
IMHO, the solution here is to fix that problem first.
The next thing is to secure the Squid proxy and block all outbound web
traffic except the traffic coming from the Squid proxy.
Squid integrates fairly well with Active Directory and can authenticate
users in the directory as well as determine if they can
or cannot access certain websites.
This is a configuration that I use and it works very well, but my users
can't change their network settings.
On 5/23/2012 10:24 AM, troxlinux wrote:
> 2012/5/22 Ricardo Rios <shorewall@malargue.gov.ar>:
>> Hi all, hi Tom
>>
>> I have a question about MAC verification. I have a network with +-200 PCs
>> and I am using Squid for filtering websites. My problem is that some people
>> change their IP address to bypass the Squid filtering rules, using IPs
>> with full access. Is there any way to use MAC verification on those IPs
>> that have full access to the internet, something like this ...
>>
>> /etc/shorewall/shorewall.conf
>>
>> MACLIST_DISPOSITION=ACCEPT
>>
>> /etc/shorewall/maclist
>>
>> DROP eth4 !00:1F:79:CD:FE:2E 192.168.2.204 #Full internet access
>>
>>
>>
>> Thanks for your time.
>>
>> Ricardo.
>>
> Hi, you could try this reference
>
> http://www.shorewall.net/MAC_Validation.html
>
> regards
>
>
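
The setup the reply recommends (only the proxy may reach the web), sketched as Shorewall rules. This is an added example, not configuration from the thread; the zone names `loc` and `net`, Squid running on the firewall host itself, and Squid's default port 3128 are assumptions.

```conf
# /etc/shorewall/rules  (added example; zone names and ports are assumptions)
# Assumes Squid runs on the firewall host ($FW) and listens on its default port 3128.
# Rules are evaluated top to bottom; the first match wins.
#
#ACTION   SOURCE   DEST   PROTO   DPORT
# Clients may talk to the proxy.
ACCEPT    loc      $FW    tcp     3128
# Only the proxy itself may open web connections to the internet.
ACCEPT    $FW      net    tcp     80,443
# Any direct web connection from a client is refused, whatever IP address it uses.
REJECT    loc      net    tcp     80,443
#
# If Squid runs on a separate host in loc instead, replace the $FW -> net rule with
# one for that host, placed before the REJECT (192.168.2.10 is a constructed address):
#ACCEPT   loc:192.168.2.10   net   tcp   80,443
```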