Nicolas, On Wed, 28 Jul 2004 08:53:03 +0200 Nicolas Ecarnot <[EMAIL PROTECTED]> wrote:
> > With "filter some access" you mean blocking the internet access fore > > > > some users? [...] > > Or you mean blocking some URLs? > > I meant *both*, and that is why this seems hard for me. > The "quality surfing" issue is resolved by some squiguard research. > But I don't understand how one can completely block some port for > *users* on another host (the firewall) that has no knowledge of things > as users ??? I've haven't played around much with iptables, but Linux being what it is there's probably some crazy hack out there for this. But in any event, is there a reason that you can't just run iptables on the terminal server? That seems a lot easier and the overhead shouldn't be too high. If user = naughty user, then block 80 out. If user = semi-naughty user, then redirect 80 out to squid, else = leave the packets alone. Since you say that you have a lot of terminals, you'd probably want the squid server to be a separate box, but for a little network it could even be all in one place. (And Hi! to the list - been lurking for a while and playing around with LTSP. Good stuff...) -- Todd Pytel ---------------------------------------- Signature attached PGP Key ID 77B1C00C
pgpznY5myGJPh.pgp
Description: PGP signature
