Hi,
I was curious on how you could limit users surfing the Internet, I found KobrAs's guide useful :)
I setup a group called Internet and assigned users to it and apply this to my iptable
Code:
iptables -t filter -A OUTPUT -p tcp -dport 80 --match owner --gid-owner 501 -j DROP
This worked great, but I was wondering if you had your users logging in all over your network
using LDAP, How could you make these rules apply still?
Quote:I found KobrAs's guide useful
which guide is that ? i'd like to read it
cheers
anyweb
Quote:Hi,
I was curious on how you could limit users surfing the Internet, I found KobrAs's guide useful :)
I setup a group called Internet and assigned users to it and apply this to my iptable
Code:
iptables -t filter -A OUTPUT -p tcp -dport 80 --match owner --gid-owner 501 -j DROP
<div>
This worked great, but I was wondering if you had your users logging in all over your network
using LDAP, How could you make these rules apply still?
</div>
[img]<___base_url___>/uploads/emoticons/default_dry.png[/img] .. how about proxy the users... and only allow the proxy through?
Yea, I been told there is a proxy enviroment varable which I can set.
no you want to setup a proxy for your clients to get through.. for example you drop all outbound traffic on port 80 on your firewall but from your proxy machine. Then load up squid on it and you can have people login in order to get access to the web.. then i think in squid you can do some sort of QOS and traffic shaping
yea I was looking at squid hijinks, I may have a go at messing with it