> Wouldn't it be easier to put a transparent squid proxy upstream of the
> connection, rather than mucking with ugly iptables rules per user, etc?

No, squid unfortunately doesn't always work. Try watching a movie on Hulu through a squid proxy. Another thing, I'm not sure how to configure squid to deny Net access entirely. I don't think the iptables rules are all that ugly. Blocking packets based on destination network and user is the simplest way I can think of to stop Net access.

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
