Re: Firefox configuration management

Author: George Toft
Date:  
To: Main PLUG discussion list
Subject: Re: Firefox configuration management
Your assumption is correct - squid + DansGuardian

I need a little help.

I tried:
iptables -A OUTPUT -p TCP --dport 80 --uid-owner cff -j REJECT
and got this error:
iptables v1.3.3: Unknown arg `--uid-owner'
Try `iptables -h' or `iptables --help' for more information.

I also tried
iptables -A OUTPUT -p TCP --dport 80 --uid-owner 1001 -j REJECT
with the same error.

I looked in the man page, and it looks right to me:
        --uid-owner userid
               Matches if the packet was created by a process with the given effective user id.


What did I mess up?

George Toft, CISSP, MSIS
623-203-1760



Joshua Zeidner wrote:
> On 1/21/07, George Toft <> wrote:
>
>>I need to set up a Linux workstation (Computers for Families project)
>>that filters content. The workstation is an edubuntu install. Users
>>have a generic login, separate from the admin, and the root account is
>>locked. I added Squid and DansGuardian, which works perfectly once the
>>Firefox connection settings are set to 127.0.0.1:8080. Problem is that
>>any user can override this setting in their local profile.
>>
>>Is there an elegant way to prevent a user from changing this setting and
>>surfing the sites of ill repute?
>>
>>Kluge/Hackjob method 1:
>>I guess I could implement a cronjob that checks to see if firefox has
>>any established port 80 connections, then kills it. Pretty Draconian,
>>but it will get the point across. Make pref.js read-only for the user
>>which restores the proxy settings. Pretty inconvenient for the user :(
>>
>>
>>Thoughts?
>
>    George,
>
>       I am assuming you are running Squid and DansGuardian as a
> different user than firefox (if not, you should change it).  You
> should set iptables to block all packets with destination other than
> localhost:8080 from your browser user (use --uid-owner <firefoxuser>
> switch).  This will also stop them from using other applications to
> contact internet services of ill repute.
>
>    -jmz
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
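
The restriction suggested in the quoted reply, written with the owner match loaded explicitly via `-m owner`; this is an added example, not part of the original message. It assumes the proxy address 127.0.0.1:8080 from the thread and that Squid and DansGuardian run under a different account; `resolve_uid` and `owner_rules` are names made up for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the proxy listens on
# 127.0.0.1:8080 and that Squid/DansGuardian run under another account.

# Turn a login name or numeric uid into a numeric uid; fail on anything else.
resolve_uid() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;        # empty or unsafe characters
        *[!0-9]*) id -u -- "$1" 2>/dev/null ;;   # login name: look it up
        *) printf '%s\n' "$1" ;;                 # already numeric
    esac
}

# Print the rules that confine user $1 to the local proxy on port $2.
owner_rules() {
    uid=$(resolve_uid "$1") || { echo "unknown user: $1" >&2; return 1; }
    port=${2:-8080}
    case "$port" in
        *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # --uid-owner is an option of the owner match, so "-m owner" has to come
    # first; without it iptables rejects --uid-owner as an unknown argument.
    echo "iptables -A OUTPUT -o lo -p tcp -d 127.0.0.1 --dport $port -m owner --uid-owner $uid -j ACCEPT"
    # Everything else this uid sends is refused, whichever program sends it.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j REJECT"
    # iptables only filters IPv4; refuse the uid's IPv6 traffic as well.
    echo "ip6tables -A OUTPUT -m owner --uid-owner $uid -j REJECT"
}

# "script cff" prints the rules for review; "script --apply cff" runs them (root).
case "${1:-}" in
    '') : ;;
    --apply) rules=$(owner_rules "${2:-}" "${3:-}") || exit 1
             printf '%s\n' "$rules" | sh -e ;;
    *) owner_rules "$@" ;;
esac
```

Because `-A` appends, the rules only take effect when no earlier OUTPUT rule already accepts the user's traffic.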