Hi guys! As far as I see the MAC-address based ACL is not really based on MAC address. - Squid checks the IP address of the HTTP request. - Looks up the ARP table, and searches for the allowed MAC address. - If the IP has got an ARP entry with the allowed MAC address it will let it through. This is a problem in my case, since there is a firewall in transparent mode between the users workstations and the squid. I would need to allow connections only from the firewall. I couldn't do it IP based, since the firewall is set to keep the source IP of the workstations. But the source MAC is changed by the firewall, however i am not able to filter for it, because of the previously mentioned reasons. Best regards, Attila