diff options
Diffstat (limited to 'core/modules/kiosk-common/data/opt/openslx/lightdm')
-rw-r--r-- | core/modules/kiosk-common/data/opt/openslx/lightdm/autologin.d/10-kiosk-mode | 9 | ||||
-rw-r--r-- | core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables | 26 |
2 files changed, 35 insertions, 0 deletions
diff --git a/core/modules/kiosk-common/data/opt/openslx/lightdm/autologin.d/10-kiosk-mode b/core/modules/kiosk-common/data/opt/openslx/lightdm/autologin.d/10-kiosk-mode new file mode 100644 index 00000000..b740496b --- /dev/null +++ b/core/modules/kiosk-common/data/opt/openslx/lightdm/autologin.d/10-kiosk-mode @@ -0,0 +1,9 @@ +#!/bin/ash +# ^SOURCED + +# kiosk mode? +if [ -n "$SLX_BROWSER_URL" ]; then + exec /opt/openslx/scripts/kiosk-launch +fi + +true diff --git a/core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables b/core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables new file mode 100644 index 00000000..38e4893a --- /dev/null +++ b/core/modules/kiosk-common/data/opt/openslx/lightdm/guest-account.d/00-iptables @@ -0,0 +1,26 @@ +#!/bin/ash +# ^ SOURCED + +kiosk_rules="/opt/openslx/iptables/rules.d/90-kiosk" +cat <<-EOF > "$kiosk_rules" + #!/bin/ash + + iptables -w -A ipt-helper-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT + iptables -w -I ipt-helper-OUTPUT 1 -o br0 -d 132.230.0.0/16 -j ACCEPT + iptables -w -I ipt-helper-INPUT 1 -i br0 -d 132.230.0.0/16 -j ACCEPT + iptables -w -I ipt-helper-OUTPUT 1 -o br0 -d 10.0.0.0/8 -j ACCEPT + iptables -w -I ipt-helper-INPUT 1 -i br0 -d 10.0.0.0/8 -j ACCEPT + + iptables -P INPUT DROP + iptables -P FORWARD DROP + iptables -P OUTPUT DROP +EOF + +chmod +x "$kiosk_rules" + +# HACK: wait for iptables helper to setup the rules... +sleep 2 + +# make sure it is cleared on session close +echo "rm -f \"$kiosk_rules\"" > "/etc/X11/Xreset.d/clear-kiosk-iptables" +true |