[Server-devel] nocat/internet restriction plans

Daniel Drake dsd at laptop.org
Thu Jan 14 13:10:22 EST 2010


I've read the threads about NoCat and am a little confused about the
plan for restricting internet access to XOs.

Is Jerry's suggestion (at http://members.shaw.ca/jvonau/pub/iptables/)
designed to complement NoCatAuth, or is it a standalone replacement?

At which point do we add and remove these iptables rules to control
access? Upon DHCP lease generation and expiration? Upon ejabberd
connection/disconnection?

Depending on the approach taken we may have to consider the situation
where the XS is rebooted in the middle of a classroom session - we
need to restore connectivity to all active XOs without having to get
them to reboot/reconnect.

Any considerations for allowing connectivity from non-XO workstations
(e.g. ones that are connected to the network though ethernet, in the
staff offices etc)?

I can work on this but would appreciate some pointers from those of
you who have thought through it already.

Daniel


More information about the Server-devel mailing list