Alex King <alex@king.net.nz> wrote:
> I'm not familiar with GuardDog. I normally use the "under the bonnet" type tool called iptables. You are correct that firewall rules in Linux are not user-specific, i.e., they can only restrict the whole machine, and cannot place per user restrictions.

iptables can do per-user restrictions. From man iptables, in amongst the 'owner' module:

    --uid-owner userid
        Matches if the packet was created by a process with the given effective user id.

Back to the original question: sounds like a web terminal is needed. I've done that in the past by running just X and a browser full-screen, with it set to restart X and the browser if someone quits it. No desktop environment, no window manager, no nothing. Some web sites can cause problems, opening new windows and other nasties, which you can't manage because you have no window manager, but if you control the only permitted site, that's not going to be a problem.

I think there are X-terminal HOWTOs and similar at http://www.tldp.org/

I'd love to develop one of these again, if anyone's paying... ;-) otherwise, just take the idea and run with it.

Hope that helps,
--
MJ Ray - see/vidu http://mjr.towers.org.uk/email.html
Somerset, England. Work/Laborejo: http://www.ttllp.co.uk/
IRC/Jabber/SIP: on request/peteble.
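
Added example, not part of the original message: a sketch of the per-user restriction the 'owner' match allows, limiting one account to a single permitted site. The user name `kiosk`, the chain name `KIOSK_OUT` and the 192.0.2.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Per-user egress rules built on the iptables 'owner' match (--uid-owner).
# All values below are constructed placeholders, not taken from the thread.
KIOSK_USER="${KIOSK_USER:-kiosk}"   # account the web terminal runs as
SITE_IP="${SITE_IP:-192.0.2.10}"    # the only permitted site
DNS_IP="${DNS_IP:-192.0.2.53}"      # resolver the browser may query
CHAIN="KIOSK_OUT"                   # hypothetical chain name

# Refuse anything that is not a plain user name or dotted-quad address,
# so the generated lines can never carry extra shell words.
valid_args() {
    case "$1" in ''|*[!a-z0-9_-]*) return 1 ;; esac
    for ip in "$2" "$3"; do
        case "$ip" in ''|*[!0-9.]*) return 1 ;; esac
    done
}

# Print the ruleset, one iptables command per line.
# The owner match only sees locally generated packets, so it is valid in
# OUTPUT (and POSTROUTING) only; it cannot be used in INPUT or FORWARD.
kiosk_rules() {
    valid_args "$1" "$2" "$3" || return 1
    cat <<EOF
iptables -N $CHAIN
iptables -A OUTPUT -m owner --uid-owner $1 -j $CHAIN
iptables -A $CHAIN -o lo -j RETURN
iptables -A $CHAIN -p udp -d $3 --dport 53 -j RETURN
iptables -A $CHAIN -p tcp -d $3 --dport 53 -j RETURN
iptables -A $CHAIN -p tcp -d $2 --dport 443 -j RETURN
iptables -A $CHAIN -p tcp -d $2 --dport 80 -j RETURN
iptables -A $CHAIN -j REJECT
EOF
}

# "print" shows the rules for review; "apply" runs them (needs root).
case "${1:-}" in
    print) kiosk_rules "$KIOSK_USER" "$SITE_IP" "$DNS_IP" ;;
    apply) kiosk_rules "$KIOSK_USER" "$SITE_IP" "$DNS_IP" |
               while read -r rule; do $rule || exit 1; done ;;
esac
```

Packets from every other uid never enter `KIOSK_OUT`, and traffic that is allowed uses RETURN so the machine-wide OUTPUT rules still apply to it afterwards.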