Hi,
can someone with perl programing skills please help me with this problem:
Parental Control is an important system component for having peace of mind when you leave the computer to your kids for browsing the web. Windows and Mac users have Parental Control for a long time and it was big news when it was first introduced to Linux by Mandriva some time ago. In PCLinuxOS we can have Parental Control after installing 'drakguard' and it works very well. The only problem is that the user 'root' is included in the Parental Control rules, which means that, when Parental Control is enabled, root has restricted Internet access and worse, you will get a 'bzip2 error' when downloading packages or refreshing the package cache in Synaptic; you will definitely get this error after changing to a different repo in Synaptic. This means, that in its present setup, you have to disable Parental Control if you want to install a package or update your system, and after that enable Parental Control again. This is a workaround but it should not be like that.
Now, I found a solution but maybe you know of a smarter way to fix this problem:
After installing drakguard we have a new file "/etc/shorewall/rules.drakx".
The two steps to be applied are:
1) at the beginning of /etc/shorewall/rules.drakx (apparently it must be the first line!) add this line:
ACCEPT+ fw net tcp http - - - root and then save the file. (This means, provide the user root full Internet access, and thus there will be no problems when downloading packages in Synaptic.)
2) reload shorewall:
/etc/init.d/shorewall reload (this will re-compile and start the new configuration)
after these two steps Parental Control still works perfectly fine and root can now use Synaptic without any problems.
Our Parental Control is the same as in Mandriva and in Mandriva you can update the system while Parental Control is running without having to set any additional rules. I do not know how the Mandriva setup differs from ours, I just found that the above two steps make our setup work properly. Parental Control is driven by shorewall, which is written in Perl. Can someone with Perl (and firewall) skills help out and find a way to exclude the user root from a running Parental Control? I browsed the
shorewall documentation but have no idea how to apply such an exception rule. The two steps above simply add the user 'root' to the all-allowed users list in Parental Control in the PCC but there should be a better solution without showing root as a user in the Parental Control list, like in Mandriva.
I really hope this can be fixed. Many of you may think that Parental Control is not important but in fact if you have kids it is a
decisive component when choosing a Linux distro, it is simply a must-have, and imo PCLOS should have Parental Control working out of the box. I repeat, Parental Control itself already does work very well, it just applies restricted access also to the user root, which is wrong and causes problems when using Synaptic. Please let me know if you have any idea how to fix that. This is bugging me for the last 6 month and I really would like to get this properly solved now...
best,
-pinoc
