
Default exam mode in Debian Edu



On IRC just now, a discussion on how to make sure users have to use
the proxy even on thin clients.  The initial proposal was to limit the
gateway to only allow web access for the main server.  This does not
work with thin clients when the main-server also is the LTSP server.

José L. Redrejo Rodríguez proposed this iptables rule to drop all
packets heading for TCP ports 23-120 for all users in the groupname
group.

  iptables -I OUTPUT \
    -p tcp \
    --dport 23:120 \
    -m owner \
    --gid-owner groupname \
    -j DROP

Should we provide such a rule by default, and provide a group in LDAP to
enable it?  For example a group like 'netlimit' to block a given user
out from the Internet?  It might be better to only limit the traffic to
the local network.  It could be useful during exams?  Should it
include more rules?  Perhaps some hook system to allow more groups or
rules to be handled?

Happy hacking,
-- 
Petter Reinholdtsen
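
The "only limit the traffic to the local network" variant raised in the message, as an added example that is not part of the original post or of Debian Edu: it goes beyond the TCP 23-120 rule by dropping all traffic from the group that leaves the local network, and it prints the commands for review instead of running them. The chain name EXAM_LIMIT and the network 10.0.0.0/8 are assumptions; 'netlimit' is the group name suggested above.

```shell
#!/bin/sh
# Added example (not from the original message). Prints iptables commands;
# review the output, then pipe it to sh as root on the host where the users'
# processes run (the owner match only works on locally generated packets,
# i.e. in OUTPUT/POSTROUTING).
# Note: --gid-owner compares the GID owning the socket, normally the
# user's primary group.
CHAIN=EXAM_LIMIT   # assumed chain name

exam_rules() {
    mode=$1 group=$2 localnet=$3

    # Refuse values that could smuggle shell syntax into the printed commands.
    case $group in
        ''|*[!A-Za-z0-9_-]*) echo "invalid group: $group" >&2; return 1 ;;
    esac
    case $localnet in
        ''|*[!0-9./]*) echo "invalid network: $localnet" >&2; return 1 ;;
    esac

    case $mode in
        on)
            # Fill the chain first and hook it into OUTPUT last, so the
            # group is never sent through a half-built chain.
            cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -o lo -j ACCEPT
iptables -A $CHAIN -d $localnet -j ACCEPT
iptables -A $CHAIN -j DROP
iptables -I OUTPUT -m owner --gid-owner $group -j $CHAIN
EOF
            ;;
        off)
            # Unhook first, then flush and delete the chain.
            cat <<EOF
iptables -D OUTPUT -m owner --gid-owner $group -j $CHAIN
iptables -F $CHAIN
iptables -X $CHAIN
EOF
            ;;
        *) echo "usage: exam_rules on|off GROUP NETWORK" >&2; return 2 ;;
    esac
}

# Constructed sample invocation: rules to start an exam for group netlimit.
exam_rules on netlimit 10.0.0.0/8
```

Because the local network stays reachable, a web proxy on that network still has to refuse these users itself if they are to be kept off the Internet.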

