The way to do this is with ACL's. Access Control Lists IPtables can perform this function, or an internet gateway router can also be used. The ISR 4000 Series Cisco router family is where I would start, especially if you're in the need for a blade server in the same chassis.
-----Original Message----- From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Nicolas Kovacs Sent: Monday, September 18, 2017 1:04 PM To: Centos Mailing List Subject: [CentOS] Block internet access for some users on the LAN ? Hi, In our local school we have two servers and roughly 80 clients. The network is 192.168.10.0/255.255.255.0, and DHCP+DNS is managed by Dnsmasq. School PCs (teachers and management) are registered via MAC address and get an IP address in a specific range: 192.168.10.2 - 192.168.10.50 - management + teachers 192.168.10.201 - 192.168.10.220 - computer room 192.168.10.246 - 192.168.10.247 - printers 192.168.10.251 - 192.168.10.253 - wireless access points If a client (like a student's laptop, tablet or smartphone) is not registered, it gets an IP address in the range between 192.168.10.100 and 192.168.10.200. Up until recently I've been using a combination of Squid and Squidguard to filter Internet access. This year the school's director wants to completely block Internet access for all the student's personal devices. The Linux server acts as a transparent gateway. Unfortunately with Squid I can only filter/block HTTP connections, but not HTTPS (well, I could, but this is way too complicated to setup). The firewall is managed by a simple Iptables script. Now I *think* the easiest way to block a certain IP range from Internet access would be through Iptables (correct me if I'm wrong). If this is the case, what would that look like? Any suggestions? Niki Kovacs -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Web : http://www.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
