Linode Forum
https://forum.linode.com/

Need an iptables rule to disable BitTorrent
https://forum.linode.com/viewtopic.php?f=19&t=6711
Page 2 of 2

Author:  jeffkyjin [ Sat Dec 17, 2011 11:02 am ]

Again.

I am running an ssh proxy and pptp/l2tp vpn.

I still have not fixed this problem on my servers.

I have tried l7-filter, but it failed with an error. I posted it here: viewtopic.php?t=8115

Author:  jeffkyjin [ Sat Dec 17, 2011 1:39 pm ]

sliph wrote:
This reply's a bit late, but I just got this up and running myself and figured I'd share in case anyone else is interested:

This is the recipe I use for setting up ipp2p filtering to drop all bittorrent and edonkey traffic originating from our servers. The servers are running Ubuntu 10.04 with stock kernel 2.6.32.16-linode28

Note that it does not seem to stop encrypted bittorrent traffic, but something's better than nothing.

Code:
## Install the standard build tools ##
apt-get install build-essential

## For Linode - download the kernel & generate headers##
cd /usr/src
wget http://linode.com/src/$(uname -r).tar.bz2
tar xjvf $(uname -r).tar.bz2
ln -sf $(uname -r) linux
cd linux
make prepare

## Install xtables addons ##
apt-get install xtables-addons-common
apt-get install module-assistant
module-assistant auto-install xtables-addons-source
depmod -a

## Add rejection rules to iptables ##

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --edk -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m ipp2p --bit -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -A FORWARD -m mark --mark 1 -j REJECT

## At this point, iptables-save it into our firewall file ##
## "pre-up iptables-restore < /etc/iptables.rules" is applied to eth0 ##
## in our /etc/network/interfaces file ##
iptables-save  > /etc/iptables.rules


Your method works. Thank you.
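
As an added example (not part of any post in this thread), here is one way to check that a saved ruleset such as /etc/iptables.rules still holds the complete marking recipe quoted above, in an order that works. The function names check_p2p_rules and sample_rules and the sample dump are made up for illustration.

```shell
# Added example: audit an iptables-save dump for the ipp2p marking recipe.
# Reads the file named in $1 (stdin if none); exit status 0 = complete and ordered.
check_p2p_rules() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($1, 2); next }  # "*mangle", "*filter"
        table == "mangle" && /^-A PREROUTING / {
            n++                                   # position within the chain
            if (/--restore-mark/)           restore = n
            if (/-m mark/ && /-j ACCEPT/)   accept = n
            if (/-m ipp2p/ && /-j MARK/)    { if (!first) first = n; last = n }
            if (/--save-mark/)              save = n
        }
        table == "filter" && /^-A FORWARD / && /-m mark/ && /-j (REJECT|DROP)/ { block = 1 }
        END {
            if (!restore) { print "missing: CONNMARK --restore-mark"; bad = 1 }
            if (!first)   { print "missing: ipp2p MARK rule"; bad = 1 }
            if (!save)    { print "missing: CONNMARK --save-mark"; bad = 1 }
            if (!block)   { print "missing: FORWARD REJECT/DROP on the mark"; bad = 1 }
            # Classification is skipped for already-marked connections only if
            # restore-mark and the ACCEPT shortcut run before the ipp2p matches.
            if (first && restore > first) { print "order: restore-mark after ipp2p"; bad = 1 }
            if (first && accept > first)  { print "order: ACCEPT shortcut after ipp2p"; bad = 1 }
            # A mark set after save-mark is never copied to the connection.
            if (save && save < last)      { print "order: save-mark before ipp2p"; bad = 1 }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample in iptables-save layout (assumption: option spelling in
# real dumps varies between iptables versions, e.g. --set-xmark).
sample_rules() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -j CONNMARK --restore-mark
-A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
-A PREROUTING -m ipp2p --edk -j MARK --set-mark 0x1
-A PREROUTING -m ipp2p --bit -j MARK --set-mark 0x1
-A PREROUTING -m mark --mark 0x1 -j CONNMARK --save-mark
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m mark --mark 0x1 -j REJECT
COMMIT
EOF
}

sample_rules | check_p2p_rules && echo "sample ruleset: complete"
```

Run it as `check_p2p_rules /etc/iptables.rules` after `iptables-save`; each missing or misordered rule is printed on its own line.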

Author:  tommedema [ Sun Mar 11, 2012 7:18 am ]

Wouldn't iptables be fairly successful in this if he'd only enable ports for the services that he needs?

For example, if he only uses HTTP and SSH, he could drop all traffic not coming from port 80 or 22.

I doubt all bittorrent traffic would use either of those two.

Author:  Guspaz [ Mon Mar 12, 2012 10:42 am ]

Some would still get through. There will be some clients listening on port 80 and 22. Trying to block P2P is pure folly; the best you can hope to do is throw up some roadblocks to make it annoying.

All times are UTC-04:00