On 1/21/07, George Toft wrote: > I need to set up a Linux workstation (Computers for Families project) > that filters content. The workstation is an edubuntu install. Users > have a generic login, separate from the admin, and the root account is > locked. I added Squid and DansGuardian, which works perfectly once the > Firefox connection settings are set to 127.0.0.1:8080. Problem is that > any user can override this setting in their local profile. > > Is there an elegan way to prevent a user from changing this setting and > surfing the sites of ill repute? > > Kluge/Hackjob method 1: > I guess I could implement a cronjob that checks to see if firefox has > any established port 80 connections, then kills it. Pretty Draconian, > but it will get the point across. Make pref.js read-only for the user > which restores the proxy settings. Pretty inconvenient for the user :( > > > Thoughts? George, I am assuming you are running Squid and DansGaurdian as a different user than firefox( if not you should change it ). You should set iptables to block all packets with destination other than localhost:8080 from your browser user( use --uid-owner switch ). This will also stop them from using other applications to contact internet services of ill repute. -jmz -- .0000. communication. .0001. development. .0010. strategy. .0100. appeal. JOSHUA M. ZEIDNER IT Consultant ++power; ++perspective; ++possibilities; ( 602 ) 490 8006 jjzeidner@gmail.com --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss