Linode Forum :: need a iptable rule to disable BitTorrent

Linode Forum https://forum.linode.com/

need a iptable rule to disable BitTorrent https://forum.linode.com/viewtopic.php?f=19&t=6711	Page 1 of 2

Author:	jeffkyjin [ Tue Feb 15, 2011 6:45 am ]
Post subject:	need a iptable rule to disable BitTorrent
I am running a sshd proxy server. To avoid the user to access the infringing materials, I need an iptable rule to disable bittorrent. Any expert in iptable have some advices? Thanks.

Author:	hoopycat [ Tue Feb 15, 2011 10:00 am ]
Post subject:
From this page, it looks like BitTorrent uses TCP ports 6881 through 6999 by default, with 6969 for outbound connections to trackers. However, these defaults are easily changeable by the user, so the best you can do with iptables is make it a little bit inconvenient to use BitTorrent. You can look at filtering based on packet contents, which can sometimes detect signatures in non-encrypted sessions, but encryption is becoming more common and you won't be able to stop that. (See also this page). So, if you absolutely must stop all BitTorrent traffic using iptables: Code: iptables -I INPUT -i eth0 -j DROP iptables -I OUTPUT -i eth0 -j DROP This may catch some false positives. -rt (if you actually try that, [url=http://library.linode.com/troubleshooting/using-lish-the-linode-shell[/url] will be your friend)

Author:	Guspaz [ Tue Feb 15, 2011 12:10 pm ]
Post subject:
I'd caution that you can't block BitTorrent with port blocks alone. You probably won't even make it inconvenient by blocking the "default" ports. Most BitTorrent clients these days use random ports and UPnP to map them, the traditional default ports are rather uncommon. Trackers also have no restriction on what ports they use, so many use port 80 or whatever else they feel like using. If you want to block BitTorrent, you'll need to resort to IPP2P (now OpenDPI) or l7-filter. Those won't be able to completely block BitTorrent (especially if it's using encrypted UDP), but it'll do a damned sight better than port blocks, which are useless.

Author:	jeffkyjin [ Tue Feb 15, 2011 9:37 pm ]
Post subject:
Guspaz wrote: I'd caution that you can't block BitTorrent with port blocks alone. You probably won't even make it inconvenient by blocking the "default" ports. Most BitTorrent clients these days use random ports and UPnP to map them, the traditional default ports are rather uncommon. Trackers also have no restriction on what ports they use, so many use port 80 or whatever else they feel like using. If you want to block BitTorrent, you'll need to resort to IPP2P (now OpenDPI) or l7-filter. Those won't be able to completely block BitTorrent (especially if it's using encrypted UDP), but it'll do a damned sight better than port blocks, which are useless. I have tried to install IPP2P in my linode which I use ubuntu 10.4. But failed. It need to recompile the kernel, but I can't find a version of kernel which linode use.

Author:	bjl [ Tue Feb 15, 2011 10:53 pm ]
Post subject:
hoopycat wrote: So, if you absolutely must stop all BitTorrent traffic using iptables: Code: iptables -I INPUT -i eth0 -j DROP iptables -I OUTPUT -i eth0 -j DROP I lol'd.

Author:	jeffkyjin [ Fri Feb 18, 2011 3:49 am ]
Post subject:
bjl wrote: hoopycat wrote: So, if you absolutely must stop all BitTorrent traffic using iptables: Code: iptables -I INPUT -i eth0 -j DROP iptables -I OUTPUT -i eth0 -j DROP I lol'd. It this stop all of input and output traffic?

Author:	vonskippy [ Fri Feb 18, 2011 3:53 am ]
Post subject:
jeffkyjin wrote: It this stop all of input and output traffic? Yes but only on eth0

Author:	jeffkyjin [ Sat Feb 19, 2011 3:15 am ]
Post subject:
vonskippy wrote: jeffkyjin wrote: It this stop all of input and output traffic? Yes but only on eth0 I need a function to stop BitTorrent traffic only, keep other traffice. Thanks.

Author:	pclissold [ Sat Feb 19, 2011 8:17 am ]
Post subject:
jeffkyjin wrote: I need a function to stop BitTorrent traffic only, keep other traffice. As already explained in some of the posts above, the nature of BitTorrent traffic makes blocking it using port filtering impossible.

Author:

sliph [ Sat Mar 05, 2011 3:09 am ]

Post subject:

This reply's a bit late, but I just got this up and running myself and figured I'd share in case anyone else is interested:

This is the recipe I use for setting up ipp2p filtering to drop all bittorrent and edonkey traffic originating from our servers. The servers are running Ubuntu 10.04 with stock kernel 2.6.32.16-linode28

Note that it does not seem to stop encrypted bittorrent traffic, but something's better than nothing.

Code:

## Install the standard build tools ##
apt-get install build-essential

## For Linode - download the kernel & generate headers##
cd /usr/src
wget http://linode.com/src/$(uname -r).tar.bz2
tar xjvf $(uname -r).tar.bz2
ln -sf $(uname -r) linux
cd linux
make prepare

## Install xtables addons ##
apt-get install xtables-addons-common
apt-get install module-assistant
module-assistant auto-install xtables-addons-source
depmod -a

## Add rejection rules to iptables ##

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --edk -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m ipp2p --bit -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -A FORWARD -m mark --mark 1 -j REJECT

## At this point, iptables-save it into our firewall file ##
## "pre-up iptables-restore < /etc/iptables.rules" is applied to eth0 ##
## in our /etc/network/interfaces file ##
iptables-save  > /etc/iptables.rules

Author:	obs [ Sat Mar 05, 2011 5:05 am ]
Post subject:
sliph wrote: Note that it does not seem to stop encrypted bittorrent traffic, but something's better than nothing. That could be a problem since last I checked all decent bit torrent clients use encryption by default.

Author:	sliph [ Sat Mar 05, 2011 5:22 am ]
Post subject:
Quote: That could be a problem since last I checked all decent bit torrent clients use encryption by default. Most of them support it, but not all of them enable it by default. For example, uTorrent - which is my favoritest client - doesn't ( http://www.utorrent.com/faq/features#faq1 ). And apparently, ipp2p can detect BitComet's encryption (or so it claims on http://www.ipp2p.org/news_en.html )...

Author:	Guspaz [ Mon Mar 07, 2011 11:36 am ]
Post subject:
I'm not sure if uTorrent enables encryption by default on outgoing connections, but it does enable it on incoming connections by default. In fact, as far as I know, there is no way to disable support for incoming encrypted connections.

Author:	sliph [ Mon Mar 07, 2011 1:08 pm ]
Post subject:
If you're running a proxy, there are no incoming connections.

Author:	akerl [ Mon Mar 07, 2011 7:51 pm ]
Post subject:
sliph wrote: If you're running a proxy, there are no incoming connections. ... Then how are you doing anything?

Page 1 of 2	All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/