newcomer - multilingual text input

Corey Edwards tensai at
Sat Nov 5 19:06:27 MST 2005

On Fri, 2005-11-04 at 18:11 -0700, Alan Young wrote:
> > phone to get help with a difficult sentence. Now, with a keyboarded
> exam, we need to
> > lock down the computer so they can't contact a colleague by e-mail,
> instant messaging,
> > FTP, etc., but the computermust still access the predesignated
> server to save the
> > translation to the server every five minutes or so.  And a lot of
> time is put into creating
> Well, if you decide to go with a locked down linux server then I would
> suggest 2 things:
> Attach a physical keylogger.
> Install a local firewall that doesn't allow any transfer except on
> port 80 to the designated server.

You'll also have to allow traffic to the DHCP and DNS server. Set a
firewall rule to disallow anything destined for off the local subnet.

	iptables -A OUTPUT -i lo -j ACCEPT
        iptables -A OUTPUT -d -j ACCEPT
        iptables -A OUTPUT -j LOG --log-prefix 'out-packet: '
        iptables -P OUTPUT REJECT

Make sure to set up the client machine to send syslog to the server as
well, and then you'll have a log of any packets the would-be miscreant
tried to send.

You might also configure your DHCP server to not hand out a default
route. That way the machine only knows how to talk on the local network.

And a well placed router ACL or firewall rule certainly wouldn't hurt
either, if you have access. As far as that goes, it wouldn't really make
much difference what OS you use. But if you can only control the desktop
and not any ancillary network equipment, I'd say Linux offers you quite
a lot of advantages.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : 

More information about the PLUG mailing list