Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Denis Sechin2017-06-10 17:41:21
System administration
Denis Sechin, 2017-06-10 17:41:21

Deny Internet access to static addresses?

Given: ubuntu 16.04 - iptables software gateway, isc-dhcp-server, squid, 50 computers, air and wired, behind the LAN gateway, all receive Ip through the ubuntu gateway. We urgently need to prohibit a certain user from accessing a single resource, namely youtube.com. (squid is baked). The ban through the forward iptables chain does not roll, as the user simply changes the ip. to another static one. I know that in Tsysk in the dhtsp settings, you can cut such cunning users and disable the stat. addresses. How to implement this in ubuntu? binding on the poppy does not roll, as the user and the poppy. quietly changes. stat. arp table? but then you have to prescribe the stat. arp on each host is a hassle. Through ex. switch? how to implement? In general, I will be glad to hear your ideas!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
S
Sergey, 2017-06-10
@tamogavk

If the switch is smart, then move this honorable user to a separate Wealan and for this Wealan, or cut the speed to the Internet. Or set a traffic limit. Or set limits. I think that it will definitely not start running on sockets with a wire). In general, I adhere to the idea that one port - one IP address. Drop the rest. ) but it already needs an appropriate piece of iron. Or raise a pppoe server. Transfer everyone to it ... and cheaply and full control over accounts)))
Or implement AD in the network. Then simply block the ability to change network settings with security policies. You'll have to sweat a lot to get around this.

Report
D
Dmitry Tallmange, 2017-06-10
@p00h

Return squid, with user authorization.

Report
D
Dmitry Shitskov, 2017-06-10
@Zarom

I see such an option - when issuing an ip-address via dhcp, execute a script that adds allow or deny rules to iptables.
jpmens.net/2011/07/06/execute-a-script-when-isc-dh...
Another question is how do you block youtube without squid? Yes, and if your user guesses my poppy, then he will gladly use vpn / anonymizer

Report
A
Alexander, 2017-06-10
@NeiroNx

Usually, such users are severely reprimanded for using the Internet for other purposes, with a record in the labor force and deprivation of the bonus.
First of all, the white list helps from changing poppy and un. And secondly, you can act administratively by prohibiting the user from changing anything, using personal laptops in the corporate network, etc.

Similar questions
W
William Horn2019-11-22 00:17:08
How to get the id of the message sent by the bot? 2Reply
O
oleg92015-09-05 18:00:14
What areas of programming require serious knowledge of mathematics? 2Reply
D
Deyle2021-01-25 13:35:05
Using Apple Business Manager in Russia? 2Reply
P
pashaxp2015-01-10 11:28:01
How to do a fully automatic installation of Debian OS? 3Reply
A
Alexey Artyushevsky2019-06-03 12:28:41
Which flash drive to choose for installing VMware esxi? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question