After some confirmation that I have thinking right in this scenario.

We have a number of wired and wireless machines which presently have direct internet access. I also have a Linux (Ubuntu) server which is used as a file server for the network.

Essentially I would like to be able to turn internet access on and off for machines.

My plan is to block these machines by MAC address at the router. I would then set up a proxy server on the Linux box (ie Squid) so that the machines I wish to restrict can access the internet via the proxy. As I can adjust access via ACLs in squid, I would be able to switch on or off a machines access to the internet without having to further adjust the router's MAC rules. And of course I could go further and create a few scripts to assist with this admin task.

Does this seem sound and have I over looked anything? Any help greatly appreciated.

Simon.