epoptes team mailing list archive

Thread
Date

Re: [Question #247725]: possibility to block internet on clients

To: epoptes@xxxxxxxxxxxxxxxxxxx
From: Fotis Tsamis <question247725@xxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 27 Apr 2014 14:41:32 -0000
Reply-to: question247725@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #247725 on Epoptes changed:
https://answers.launchpad.net/epoptes/+question/247725

    Status: Open => Answered

Fotis Tsamis proposed the following answer:
Hello Oliver,

We've thought of using iptables for blocking internet access. The
problem is with LTSP (thin) clients.

Thin clients access the internet (and do everything else) through the
server, so, we would need to block the internet access from the server.
There is an iptables module (owner) that can filter outgoing packets
per-user which works well for our case, but the problem is that we, in
no way, want to require server sudo access in epoptes. We were thinking
of a suid program, and some other hacks to accomplish internet blocking
on every type of client or using squid, but we haven't came up with
something that we are fully satisfied yet.

There are plans to implement this, we just need to find a clean and
secure way of doing it.

-- 
You received this question notification because you are a member of
Epoptes Developers, which is an answer contact for Epoptes.