[Exizl del Fuego]

Hey guys, I've got a few flat screened iMacs set up at a university to act as kiosks to the school's online student account settings (where student can go to register, add/drop classes, check GPA, etc). These iMacs are connecting over Airport to an ethernet port.

The problem that the Registrar's office is having is that people keep using these kiosks for email access and general web site browsing. So I was wondering if there was a way, client side (or at the airport base station), to limit internet access to just the student account site. Thanks for any ideas.

[car1son]

First, you could get shareware app Little Snitch , install and config it to alow only outgoing connections for your chosen browser to your chosen website(s), and have it block everything else, then lock its settings.

Altermatively, asserting admin privileges in the Terminal to type some Unix built-in firewall commands such as:

sudo /sbin/ipfw -at list
sudo /sbin/ipfw add 1000 allow tcp from any to 1.2.3.4 out
sudo /sbin/ipfw add 1050 deny tcp from any to any via en1 out

(Where 1.2.3.4 is the IP of the site to allow. You'll be asked to type your admin password for the first sudo command. That blocks all airport communication from the Mac to anywhere except IP 1.2.3.4. Type "man sudo" or "man ipfw" to learn the details of what these do.))

Embarassed aside: For the first version of those Terminal commands I tried out, I left out the "via en1" in the 1050/deny, and had to boot back into single user mode to reclaim my system, since it also blocked lo* access. Boy does that make a mess of things. Oops.

"For 'tis the sport to have the engineer
Hoist with his own petard."