[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Nice init script for firewall to force users through squid

[Florian Reitmeir]
>> But anyway, I dont think Debian Edu should ship low level firewall scripts 
>> based on iptables. Thats way too complicated and error-prone. Instead I'd 
>> suggest we use a shorewall based solution. 
> or "ferm"

Or something else. :)

I am sure we find a good system to implement the rules we want to
implement.  But before we start there, we need to agree on how such
limitations should behave.  I have a few wishes:

 - Dynamically enabled and disabled for hosts and users at runtime,
   based on information in LDAP (netgroups?).

 - Make sure multimedia web sites keep working.

I am sure there are other features we need to implement as well. :)

Should it be opt-in or out (as in, should users and hosts have full
access and group membership enable limitations, or have no access, and
group membership disable limitations)?

Happy hacking,
Petter Reinholdtsen

Reply to: