On Tuesday, 8 June 2004 21:15, Walter Wickersham wrote:
> Greetings, I've searched, found ftwall, and some other commercial
> solutions, but am wondering if anyone on this list has any solutions using
> a linux firewall to block p2p traffic, more specifically Kazaa.
>

Hi,

I've integrated ipp2p (http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html) in my shorewall-firewall (http://www.shorewall.net/) setup:

in /etc/shorewall/start (create the file if not there)

#######
# ipp2p
#######
# Note: -I inserts at the top of the chain, so each LOG rule (added second)
# ends up above its DROP rule and the packet is logged before it is dropped.
echo -n "   starting ipp2p   "
# ipp2p for appleJuice
echo -n "(appleJuice) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --apple -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --apple -j LOG --log-level 6 \
    --log-prefix "ipp2p: appleJuice-traffic "
# ipp2p for dc
echo -n "(DC) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --dc -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --dc -j LOG --log-level 6 \
    --log-prefix "ipp2p: dc-traffic "
# ipp2p for gnutella
echo -n "(gnutella) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --gnu -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --gnu -j LOG --log-level 6 \
    --log-prefix "ipp2p: gnutella-traffic "
# ipp2p for eDonkey
echo -n "(eDonkey) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --edk -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --edk -j LOG --log-level 6 \
    --log-prefix "ipp2p: eDonkey-traffic "
# ipp2p for kazaa
echo -n "(kazaa) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --kazaa -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --kazaa -j LOG --log-level 6 \
    --log-prefix "ipp2p: kazaa-traffic "
# ipp2p for BitTorrent (allowed ;)
echo -n "(BitTorrent) "
#/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --bit -j DROP
#/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --bit -j LOG --log-level 6 \
#    --log-prefix "ipp2p: BitTorrent-traffic "
echo ""
echo "   ipp2p started"

and in /etc/shorewall/modules

# ipp2p (p2p Traffic)
loadmodule ipp2p

works like a charm ;))

I don't use the connmark stuff at the moment, because I have not found the time to recompile my kernel

hope this helps

Toni

> Walter Wickersham
> _______________________________________________
> LARTC mailing list / [EMAIL PROTECTED]
> http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
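An added example, not part of the message above: a small shell/awk helper that summarises the packets logged by those LOG rules, counting hits per protocol and internal source address from the "ipp2p: <name>-traffic " prefixes. The function names `ipp2p_summary` and `sample_log` are hypothetical, the log lines are constructed, and it assumes the usual netfilter LOG line layout (`SRC=`, `DST=`, ...) as written to syslog.

```shell
#!/bin/sh
# Count packets logged by the ipp2p LOG rules, per protocol and source address.
# Reads syslog/kernel log lines on stdin, prints "protocol source count",
# busiest first. Lines without the ipp2p prefix are ignored.
ipp2p_summary() {
    awk '
    /ipp2p: [A-Za-z]+-traffic / {
        proto = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "ipp2p:" && i < NF) {
                proto = $(i + 1)                 # e.g. "kazaa-traffic"
                sub(/-traffic$/, "", proto)
            } else if ($i ~ /^SRC=/) {
                src = substr($i, 5)              # strip "SRC="
            }
        }
        if (proto != "" && src != "") count[proto " " src]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort -k3,3nr -k1,1 -k2,2
}

# Constructed sample input (not real traffic), in netfilter LOG format.
sample_log() {
    cat <<'EOF'
Jun  8 21:20:01 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=34567 DPT=1214
Jun  8 21:20:02 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=34568 DPT=1214
Jun  8 21:20:03 fw kernel: Shorewall:FORWARD:REJECT IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.50 PROTO=TCP SPT=40000 DPT=25
Jun  8 21:20:05 fw kernel: ipp2p: eDonkey-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.4 LEN=52 TTL=63 PROTO=TCP SPT=34570 DPT=4662
Jun  8 21:20:06 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT=1214
Jun  8 21:20:07 fw kernel: ipp2p: eDonkey-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.4 LEN=52 TTL=63 PROTO=TCP SPT=34571 DPT=4662
Jun  8 21:20:09 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=34569 DPT=1214
EOF
}

sample_log | ipp2p_summary
```

On a live firewall the input would be the file that receives kernel messages at log level 6, which depends on the local syslog configuration.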
