Your assumption is correct - squid + DansGuardian

I need a little help. I tried:
iptables -A OUTPUT -p TCP --dport 80 --uid-owner cff -j REJECT
and got this error:
iptables v1.3.3: Unknown arg `--uid-owner'
Try `iptables -h' or `iptables --help' for more information.

I also tried
iptables -A OUTPUT -p TCP --dport 80 --uid-owner 1001 -j REJECT
with the same error.

I looked in the man page, and it looks right to me:
--uid-owner userid
    Matches if the packet was created by a process with the given effective user id.

What did I mess up?

George Toft, CISSP, MSIS
623-203-1760

Joshua Zeidner wrote:
> On 1/21/07, George Toft wrote:
>
>>I need to set up a Linux workstation (Computers for Families project)
>>that filters content. The workstation is an edubuntu install. Users
>>have a generic login, separate from the admin, and the root account is
>>locked. I added Squid and DansGuardian, which works perfectly once the
>>Firefox connection settings are set to 127.0.0.1:8080. Problem is that
>>any user can override this setting in their local profile.
>>
>>Is there an elegant way to prevent a user from changing this setting and
>>surfing the sites of ill repute?
>>
>>Kluge/Hackjob method 1:
>>I guess I could implement a cronjob that checks to see if firefox has
>>any established port 80 connections, then kills it. Pretty Draconian,
>>but it will get the point across. Make pref.js read-only for the user
>>which restores the proxy settings. Pretty inconvenient for the user :(
>>
>>
>>Thoughts?
>
>
> George,
>
> I am assuming you are running Squid and DansGuardian as a
> different user than firefox (if not you should change it). You
> should set iptables to block all packets with destination other than
> localhost:8080 from your browser user (use --uid-owner
> switch). This will also stop them from using other applications to
> contact internet services of ill repute.
>
> -jmz
>
>

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
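
Added example, not part of the original thread: `--uid-owner` belongs to the `owner` match extension, so iptables only recognises it after `-m owner`, and the ACCEPT for the proxy has to come before the REJECT. The user `cff` and the proxy at 127.0.0.1:8080 come from the thread; the function name and the `--apply` switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: print (and optionally apply) the OUTPUT rules that confine
# one local user to the filtering proxy on the loopback interface.

# proxy_lockdown_rules USER PORT
# Prints one iptables command per line, in the order they must be applied.
# (Hypothetical helper name; not from the thread.)
proxy_lockdown_rules() {
    user="$1"
    port="$2"

    # Refuse anything that is not a plain user name/uid or a numeric port,
    # since these values end up on an iptables command line.
    case "$user" in ''|*[!A-Za-z0-9_-]*) echo "bad user" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac

    # Rule 1: the confined user may talk to the local proxy.
    # "-m owner" loads the extension that provides --uid-owner.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -p tcp -d 127.0.0.1 --dport $port -j ACCEPT"

    # Rule 2: everything else this user originates is rejected, not only
    # port 80, so other ports and other client programs are covered too.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j REJECT"
}

# With --apply (as root) the rules are executed; otherwise nothing happens
# and the function can be called to review the rules first.
if [ "${1:-}" = "--apply" ]; then
    rules=$(proxy_lockdown_rules "${2:-cff}" "${3:-8080}") || exit 1
    printf '%s\n' "$rules" | while read -r rule; do
        $rule || exit 1
    done
fi
```

The owner match only applies to locally generated packets, which is why both rules sit in the OUTPUT chain; Squid and DansGuardian must run under a different account than the confined user or their own upstream traffic is rejected as well.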