Re: Block internet access for some users on the LAN ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Iptables is a very reasonable way to do it, basically you decide what devices should have Internet access, create accept rules for them and then have a default deny for everything else.

----- Original Message -----
From: "Nicolas Kovacs" <info@xxxxxxxxxxxxx>
To: "centos" <centos@xxxxxxxxxx>
Sent: Monday, September 18, 2017 12:03:56 PM
Subject:  Block internet access for some users on the LAN ?

Hi,

In our local school we have two servers and roughly 80 clients. The
network is 192.168.10.0/255.255.255.0, and DHCP+DNS is managed by Dnsmasq.

School PCs (teachers and management) are registered via MAC address and
get an IP address in a specific range:

192.168.10.2 - 192.168.10.50 - management + teachers

192.168.10.201 - 192.168.10.220 - computer room

192.168.10.246 - 192.168.10.247 - printers

192.168.10.251 - 192.168.10.253 - wireless access points

If a client (like a student's laptop, tablet or smartphone) is not
registered, it gets an IP address in the range between 192.168.10.100
and 192.168.10.200.

Up until recently I've been using a combination of Squid and Squidguard
to filter Internet access.

This year the school's director wants to completely block Internet
access for all the student's personal devices.

The Linux server acts as a transparent gateway. Unfortunately with Squid
I can only filter/block HTTP connections, but not HTTPS (well, I could,
but this is way too complicated to setup).

The firewall is managed by a simple Iptables script. Now I *think* the
easiest way to block a certain IP range from Internet access would be
through Iptables (correct me if I'm wrong). If this is the case, what
would that look like?

Any suggestions?

Niki Kovacs

-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : info@xxxxxxxxxxxxx
Tél. : 04 66 63 10 32
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux