I have a desktop user account set up on 11.04 with limited internet access (Firefox is locked down, other browsers can't be used, etc.). The problem is that this user can bypass all of these restrictions simply by running the Tor Browser Bundle, either from a USB drive or locally. I would like to prevent this user from being able to do this, but I'm not quite sure how to proceed. Two options that I've considered:
1. Using iptables to prevent Tor from connecting. I'm new at iptables, and I've tried to configure it to block what I think are the right range of ports (9001 and anywhere from 30000 to 60500, at least). However, my attempts here haven't been successful. Any idea how I might go about doing this?
2. Denying the user the rights to launch Tor. Since it can be launched from a USB drive, I don't think that using chmod to deny the user privileges to run it will work (but I may be wrong). Is there a way to prevent a user from running the text file "start-tor-browser" as an executable? I know that you can do this by going into Nautilus > Preferences > Behavior and clicking "View executable text files when they are opened". But this is not a permanent fix, and can easily be undone by the user.
Any suggestions would be appreciated!