[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Default exam mode in Debian Edu

On IRC just now, a discussion on how to make sure users have to use
the proxy even on thin clients.  The initial proposal was to limit the
gateway to only allow web access for the main server.  This do not
work with thin clients when the main-server also is the LTSP server.

José L. Redrejo Rodríguez proposed this iptables rule to drop all
packages heading for TCP ports 23-120 for all users in the groupname

  iptables -I OUTPUT \
    -p tcp \
    --dport 23:120 \
    -m owner \
    --gid-owner groupname \
    -j DROP

Should we provide such rule by default, and provide a group in LDAP to
enable it?  For example a group like 'netlimit' to block a given user
out from Internet?  It might be better to only limit the traffic to
the local network.  It could be useful during exams?  Should it
include more rules?  Perhaps some hook system to allow more groups or
rules to be handled?

Happy hacking,
Petter Reinholdtsen

Reply to: