blocking p2p

Message

p3nguin · Post by **p3nguin** » Sat Jan 31, 2004 3:51 am

Whats the easyest way to block file sharing programs? I am currently running Linux firewall.

p3nguin · Post by **p3nguin** » Sat Jan 31, 2004 4:01 am

iptables -t mangle -I FORWARD 1 -i eth0 -m recent --update --seconds 60 --rdest --name kazaa -j kazza-out
iptables -t mangle -I FORWARD 2 -i eth1 -m recent --update --seconds 60 --rsource --name kazaa
iptables -t mangle -I FORWARD 3 -i eth1 -m string --string "X-Kazaa" -m recent --name kazaa --set --rsource
iptables -t mangle -I FORWARD 4 -o eth1 -m string --string "X-Kazaa" -m recent --name kazaa --set --rdest -j kazza-out

would this work? do i leave kazaa in all of those commands or is that some sort of variable?

ectospasm · Post by **ectospasm** » Sat Jan 31, 2004 4:03 am

Have a look at this Linux Journal article:

http://linuxjournal.com/article.php?sid=6945

CheshireCat · Post by **CheshireCat** » Sat Jan 31, 2004 4:03 am

The easiest way is to block their ports w/ iptables. The main problem with this is that most can change ports nowadays. You may want to take a look at http://l7-filter.sourceforge.net/. It identifies traffic based on content, and can be used with iptables to drop P2P traffic (for protocols that it knows about). There's also a link on that page to a page for an "IPP2P" module, a netfilter modules that provides a yes/no decision on whether a given packet is P2P.