Maybe what I want can not be done using BM, but hopefully somebody can point
me to a solution.

I have few static IPs exempt from Internet access via BM Proxy (this is done
using filters)

But I do not want any of my students to "guess" the exempt IP & use it (in
case the real machine is not ON)
and browse Internet unsupervised.

So the solution would be to getMAc address restrictions in place.
Currently BM connect to my ADSL router. Hence EVERY connection from inside
the network (via proxy or not) to Internet shows the MAC of public interface
of BM server.

How to allow only some machines to bypass the proxy using MAC addresses (it
can be by adding extra hardware etc)