Re: Nice init script for firewall to force users through squid
>> But anyway, I dont think Debian Edu should ship low level firewall scripts
>> based on iptables. Thats way too complicated and error-prone. Instead I'd
>> suggest we use a shorewall based solution.
> or "ferm"
Or something else. :)
I am sure we find a good system to implement the rules we want to
implement. But before we start there, we need to agree on how such
limitations should behave. I have a few wishes:
- Dynamically enabled and disabled for hosts and users at runtime,
based on information in LDAP (netgroups?).
- Make sure multimedia web sites keep working.
I am sure there are other features we need to implement as well. :)
Should it be opt-in or out (as in, should users and hosts have full
access and group membership enable limitations, or have no access, and
group membership disable limitations)?