> > > Dear Amos, > > Thanks for your quick reply... I am not talking about a single user > actually. There will be around 150 to 200 users. If i config the following > (i didnt find any other way from my understanding); > > acl users_mac arp "/list-of-mac" > acl users_ip ip "/list-of-ip" > acl target_acl dstdom_regexp *.* > > http_access allow users_mac users_ip target_acl > http_access deny all > > here users are granted access based on a pool of IP. if user abc who have > mac 00:42:4B:3C:50:4B can take any IP address for that 100 or 150 IP list > from "/list-of-ip" and use the internet. > > Rather i want to restrict user abc with his MAC to use ONLY one ip, say > 192.168.0..10 to access internet. If he use any other IP, even from the > allowed pool, squid should BLOCK his request. > > Thats why i mentioned like allowing based on MAC+IP pair (if any of the > part of this pair is changed, INTERNET IS BLOCKED) > > Please advice me, if possible, how can i build up the acl. > In which case... To do it the hard way with Squid, you will need an external_acl_type helper which takes the IP address and locates the MAC address then checks they are a match to your list. Patches for 3.HEAD to send the MAC from squid to the external helper are welcome. Amos