Old 08-10-2004   #1 (permalink)
Just Joined!
 
Join Date: Apr 2004
Posts: 6
iptables firewall to block p2p traffic using ipp2p help pls

Hello,

I'm trying to get rid of kazaa and bittorrent traffic going through my box, and am having a crazy time trying to fix iptables.

I've downloaded and compiled this : http://rnvs.informatik.uni-leipzig.d.../index_en.html

Which is a p2p matching module for iptables ( ipp2p ).

I'm trying to set some basic rules:

Quote:
iptables -F
iptables -A FORWARD -p tcp -m ipp2p --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --kazaa -j DROP
iptables -A FORWARD -p tcp -m ipp2p --dc -j DROP
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The traffic however, still gets through. Even stranger, if I flush with iptables -F the nat still works?! Shouldn't it stop working?

Confused.
Help appreciated.
Alex
Atari is offline   Reply With Quote
Old 08-10-2004   #2 (permalink)
Just Joined!
 
Join Date: Jul 2004
Location: UK
Posts: 77
Rather than using FORWARD try INPUT for your DROP rules.

Armage
__________________
Registered Linux User # 340180
Armage is offline   Reply With Quote
Old 08-10-2004   #3 (permalink)
Just Joined!
 
Join Date: Apr 2004
Posts: 6
Shouldn't the NAT stop working though if I issue an:

iptables -F
Atari is offline   Reply With Quote
Old 08-10-2004   #4 (permalink)
Just Joined!
 
Join Date: Jul 2004
Location: UK
Posts: 77
The NAT is in a different table. Hence iptables -t. This may be why the flush doesn't clear the NAT.

Hope this helps. Post back how you get on.

Armage
__________________
Registered Linux User # 340180
Armage is offline   Reply With Quote
Old 08-10-2004   #5 (permalink)
Just Joined!
 
Join Date: Apr 2004
Posts: 6
Ahh crap I see..thanks.

iptables -t nat -L

shows a separate list.

At which step should I insert the drop rules in this case? In which table also? I've changed the rules above to the INPUT chain as you suggest, and still to no avail.
Atari is offline   Reply With Quote
Old 08-10-2004   #6 (permalink)
Just Joined!
 
Join Date: Jul 2004
Location: UK
Posts: 77
Quote:
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
These rules look like they are allowing established connections access through the firewall. I would test turning them off too.

The drops are ok where they are.

Armage
__________________
Registered Linux User # 340180
Armage is offline   Reply With Quote
Old 08-10-2004   #7 (permalink)
Just Joined!
 
Join Date: Apr 2004
Posts: 6
Well after a slew of trial and error I have found where the calls are to be placed. Removing any of these results in p2p traffic going through.

iptables -F
iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP
iptables -A FORWARD -p tcp -m ipp2p --ipp2p -j DROP
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -m ipp2p --ipp2p -j DROP
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Atari is offline   Reply With Quote
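
Added example, not part of the thread: post #4's point that NAT rules live in their own table, checked against the ruleset from post #7. The dump is a constructed rendering of those rules in `iptables-save` layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the rules from post #7 laid out the way iptables-save
# prints them (one "*table" section per table). Not captured from a real host.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -p tcp -m ipp2p --ipp2p -j DROP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m ipp2p --ipp2p -j DROP
-A FORWARD -p tcp -m ipp2p --ipp2p -j DROP
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# Rules still loaded after "iptables -t <table> -F". A bare "iptables -F"
# means "-t filter", so pass "filter" to model it.
rules_surviving_flush() {
    awk -v flushed="$1" '
        /^\*/  { table = substr($0, 2); next }      # "*nat" opens a table section
        /^-A / && table != flushed { print table ": " $0 }'
}

# One flush command per table present in the dump (reads the dump on stdin).
flush_commands() {
    awk '/^\*/ { print "iptables -t " substr($0, 2) " -F" }'
}

# DROP/REJECT rules sitting in the nat table. That table exists for address
# translation, and recent iptables releases refuse DROP there; filtering
# belongs in the filter table.
filtering_in_nat() {
    awk '/^\*/ { table = substr($0, 2); next }
         table == "nat" && /^-A / && / -j (DROP|REJECT)( |$)/ { print }'
}

echo "Left behind by a bare 'iptables -F':"
printf '%s\n' "$SAMPLE_DUMP" | rules_surviving_flush filter
echo "Commands that flush every table in the dump:"
printf '%s\n' "$SAMPLE_DUMP" | flush_commands
echo "Filtering rules found in nat:"
printf '%s\n' "$SAMPLE_DUMP" | filtering_in_nat
```

On a live firewall, pipe the output of `iptables-save` (run as root) into the same functions instead of the sample.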
Old 06-22-2005   #8 (permalink)
Just Joined!
 
Join Date: Jun 2005
Posts: 5
An alternative approach would be to use "ROPE" (http://www.lowth.com/rope) and/or Ftwall (http://www.lowth.com/p2pwall/ftwall).
Wolfmans Brother is offline   Reply With Quote
Old 04-23-2008   #9 (permalink)
Just Joined!
 
Join Date: Apr 2008
Posts: 1
Block P2P Traffic

Did you get any final result for blocking P2P traffic?
Aamir


astrolhr is offline   Reply With Quote