Re: [K12OSN] blocking browsers + squidguard

Eric Harrison wrote:

//iptables in the 2.4.x kernels have the ability to account (and block/rate limit) IP traffic by uid and by gid.//

Correct, but this particular feature is not compiled in by default (at least on Red Hat kernels, haven't looked at other distros' configs recently)

To enable this would require a recompile and perhaps a patch. Not something joe average is going to do.

ok. agreed. I run a dialup modem directly off my K12LTSP server, so it would be very useful for me. (I use squidguard, but users can circumvent it easily by selecting "No Proxy" in their browser settings..) 8-/

I understand most/many K12LTSP installations are the classic dual-NIC setup, with external squidguard.

I tested iptables, but had kernel failures when the firewall was scanned heavily.

We've had iptables in production for a long time w/o a single failure.

Mine worked ok, but then I had it *very* severely scanned and the kernel 'Ooops'ed a couple of times during or immediately after the scanning. It was a brutal and perhaps unreasonable test, I know... I still have the details here somewhere..

At your leisure, would you recommend an iptables script to start me off.. or an iptables ruleset builder..? 8-)
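A starter ruleset for the situation described in this thread (K12LTSP server acting as its own dialup gateway, squidguard bypassed by "No Proxy" in the browser), added here as an example and not taken from the list or from K12LTSP itself. It assumes the LAN is on eth0, the dialup link on ppp0, squid listens on 3128 in transparent mode and runs as user "squid"; the owner-match rules for browsers running on the server itself depend on the kernel feature the thread says is not compiled in by default.

```shell
#!/bin/sh
# Added example (not from the K12OSN thread): starter iptables rules for a
# K12LTSP server that is also the dialup gateway. Web traffic is redirected
# to squid so squidguard stays in the path even with "No Proxy" selected.
# Assumed names, adjust to your box: LAN eth0, dialup ppp0, squid on 3128
# in transparent mode, squid running as user "squid".
IPT=${IPT:-iptables}
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-ppp0}
LAN_NET=${LAN_NET:-192.168.0.0/24}
SQUID_PORT=${SQUID_PORT:-3128}
SQUID_USER=${SQUID_USER:-squid}

gen_rules() {
    # start clean; nothing inbound or forwarded unless allowed below
    $IPT -F; $IPT -t nat -F
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # thin clients need DHCP/TFTP/NFS/X from the server, so trust the LAN side
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT

    # PCs on the LAN: port 80 goes to squid, direct web access is dropped
    # (HTTPS cannot be filtered by a transparent redirect, so it is dropped too)
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$SQUID_PORT"
    $IPT -A FORWARD -i "$LAN_IF" -p tcp -m multiport --dports 80,443 -j DROP
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

    # Browsers on thin clients run on the server, so their packets are in
    # OUTPUT, not FORWARD. Redirecting them needs the owner match (so squid's
    # own fetches are not looped back), which the thread notes is not in the
    # default Red Hat kernel; without it, leave these two rules out.
    $IPT -t nat -A OUTPUT -o "$WAN_IF" -p tcp --dport 80 \
        -m owner ! --uid-owner "$SQUID_USER" -j REDIRECT --to-ports "$SQUID_PORT"
    $IPT -A OUTPUT -o "$WAN_IF" -p tcp --dport 443 \
        -m owner ! --uid-owner "$SQUID_USER" -j DROP
}

case "${1:-}" in
    apply)   gen_rules ;;
    dry-run) IPT="echo iptables"; gen_rules ;;   # print rules, apply nothing
    *)       echo "usage: $0 apply|dry-run" >&2 ;;
esac
```

Run it with `dry-run` first and read the printed rules before using `apply`; the INPUT policy is DROP, so anything the server must accept from the outside (e.g. ssh on ppp0) has to be added explicitly.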

