This reply's a bit late, but I just got this up and running myself and figured I'd share in case anyone else is interested:
This is the recipe I use for setting up ipp2p filtering to drop all BitTorrent and eDonkey traffic originating from our servers. The servers are running Ubuntu 10.04 with stock kernel 2.6.32.16-linode28.
Note that it does not seem to stop encrypted BitTorrent traffic, but something's better than nothing.
Code:
## Install the standard build tools ##
apt-get install build-essential
## For Linode - download the kernel & generate headers ##
cd /usr/src
wget http://linode.com/src/$(uname -r).tar.bz2
tar xjvf $(uname -r).tar.bz2
ln -sf $(uname -r) linux
cd linux
make prepare
## Install xtables addons ##
apt-get install xtables-addons-common
apt-get install module-assistant
module-assistant auto-install xtables-addons-source
depmod -a
## Add rejection rules to iptables ##
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --edk -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m ipp2p --bit -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -A FORWARD -m mark --mark 1 -j REJECT
## At this point, iptables-save it into our firewall file ##
## "pre-up iptables-restore < /etc/iptables.rules" is applied to eth0 ##
## in our /etc/network/interfaces file ##
iptables-save > /etc/iptables.rules
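A check for the saved rules file from the recipe above, added here as an example and not part of the original post: it reads iptables-save format and confirms that the ipp2p MARK rules sit between the CONNMARK restore and save rules and that FORWARD rejects the mark. The function names and the sample ruleset are constructed for illustration.

```shell
# Added example: check that a ruleset in iptables-save format still holds
# the ipp2p marking recipe in a working order. Usage on the host:
#   check_ipp2p_rules /etc/iptables.rules
check_ipp2p_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header, e.g. "*mangle"
        table == "mangle" && /^-A PREROUTING / {
            n++                                  # position within the chain
            if (/-j CONNMARK/ && /--restore-mark/ && !restore) restore = n
            if (/-m ipp2p/ && /-j MARK/) {
                if (!first) first = n
                last = n
                if (/--edk/) edk = 1
                if (/--bit/) bit = 1
            }
            if (/-j CONNMARK/ && /--save-mark/) save = n
        }
        # The post rejects in FORWARD, the chain that sees routed packets.
        table == "filter" && /^-A FORWARD / && /-m mark/ && /-j (REJECT|DROP)/ { block = 1 }
        END {
            if (!edk) { print "MISSING: ipp2p --edk MARK rule"; bad = 1 }
            if (!bit) { print "MISSING: ipp2p --bit MARK rule"; bad = 1 }
            if (!restore || (first && restore > first)) { print "ORDER: --restore-mark must precede the ipp2p rules"; bad = 1 }
            if (!save || save < last) { print "ORDER: --save-mark must follow the ipp2p rules"; bad = 1 }
            if (!block) { print "MISSING: FORWARD rule rejecting marked packets"; bad = 1 }
            if (!bad) print "OK: ipp2p marking recipe is complete"
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample of saved rules (not output captured from a real host).
sample_rules() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j CONNMARK --restore-mark
-A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
-A PREROUTING -m ipp2p --edk -j MARK --set-mark 0x1
-A PREROUTING -m ipp2p --bit -j MARK --set-mark 0x1
-A PREROUTING -m mark --mark 0x1 -j CONNMARK --save-mark
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m mark --mark 0x1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_rules | check_ipp2p_rules
```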
Your method works. Thank you.