Linode Community Forums
PostPosted: Tue Feb 15, 2011 6:45 am
Senior Newbie

Joined: Tue Feb 15, 2011 3:03 am
Posts: 13
I am running an sshd proxy server.

To prevent users from accessing infringing materials, I need an iptables rule to disable BitTorrent.

Does any iptables expert have some advice?
Thanks.


PostPosted: Tue Feb 15, 2011 10:00 am 
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
From this page, it looks like BitTorrent uses TCP ports 6881 through 6999 by default, with 6969 for outbound connections to trackers. However, these defaults are easily changeable by the user, so the best you can do with iptables is make it a little bit inconvenient to use BitTorrent.

You can look at filtering based on packet contents, which can sometimes detect signatures in non-encrypted sessions, but encryption is becoming more common and you won't be able to stop that. (See also this page).

So, if you absolutely must stop all BitTorrent traffic using iptables:

Code:
iptables -I INPUT -i eth0 -j DROP
iptables -I OUTPUT -i eth0 -j DROP


This may catch some false positives. -rt (if you actually try that, http://library.linode.com/troubleshooting/using-lish-the-linode-shell will be your friend)



PostPosted: Tue Feb 15, 2011 12:10 pm 
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
I'd caution that you can't block BitTorrent with port blocks alone. You probably won't even make it inconvenient by blocking the "default" ports.

Most BitTorrent clients these days use random ports and UPnP to map them; the traditional default ports are rather uncommon. Trackers also have no restriction on what ports they use, so many use port 80 or whatever else they feel like using.

If you want to block BitTorrent, you'll need to resort to IPP2P (now OpenDPI) or l7-filter. Those won't be able to completely block BitTorrent (especially if it's using encrypted UDP), but it'll do a damned sight better than port blocks, which are useless.


PostPosted: Tue Feb 15, 2011 9:37 pm 
Senior Newbie

Joined: Tue Feb 15, 2011 3:03 am
Posts: 13
Guspaz wrote:
I'd caution that you can't block BitTorrent with port blocks alone. You probably won't even make it inconvenient by blocking the "default" ports.

Most BitTorrent clients these days use random ports and UPnP to map them; the traditional default ports are rather uncommon. Trackers also have no restriction on what ports they use, so many use port 80 or whatever else they feel like using.

If you want to block BitTorrent, you'll need to resort to IPP2P (now OpenDPI) or l7-filter. Those won't be able to completely block BitTorrent (especially if it's using encrypted UDP), but it'll do a damned sight better than port blocks, which are useless.


I have tried to install IPP2P on my Linode, which runs Ubuntu 10.4, but failed. It needs the kernel to be recompiled, but I can't find the version of the kernel which Linode uses.


PostPosted: Tue Feb 15, 2011 10:53 pm 
Senior Member

Joined: Mon Aug 31, 2009 2:33 pm
Posts: 78
Location: The OC
hoopycat wrote:
So, if you absolutely must stop all BitTorrent traffic using iptables:

Code:
iptables -I INPUT -i eth0 -j DROP
iptables -I OUTPUT -i eth0 -j DROP



I lol'd.


PostPosted: Fri Feb 18, 2011 3:49 am 
Senior Newbie

Joined: Tue Feb 15, 2011 3:03 am
Posts: 13
bjl wrote:
hoopycat wrote:
So, if you absolutely must stop all BitTorrent traffic using iptables:

Code:
iptables -I INPUT -i eth0 -j DROP
iptables -I OUTPUT -i eth0 -j DROP



I lol'd.



Does this stop all input and output traffic?


PostPosted: Fri Feb 18, 2011 3:53 am 
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
jeffkyjin wrote:
Does this stop all input and output traffic?

Yes, but only on eth0.


PostPosted: Sat Feb 19, 2011 3:15 am 
Senior Newbie

Joined: Tue Feb 15, 2011 3:03 am
Posts: 13
vonskippy wrote:
jeffkyjin wrote:
Does this stop all input and output traffic?

Yes, but only on eth0.


I need a function to stop BitTorrent traffic only and keep other traffic.

Thanks.


PostPosted: Sat Feb 19, 2011 8:17 am 
Senior Member

Joined: Fri Oct 24, 2003 3:51 pm
Posts: 965
Location: Netherlands
jeffkyjin wrote:
I need a function to stop BitTorrent traffic only and keep other traffic.

As already explained in some of the posts above, the nature of BitTorrent traffic makes blocking it using port filtering impossible.



PostPosted: Sat Mar 05, 2011 3:09 am 
Newbie

Joined: Sat Mar 05, 2011 2:48 am
Posts: 4
This reply's a bit late, but I just got this up and running myself and figured I'd share in case anyone else is interested:

This is the recipe I use for setting up ipp2p filtering to drop all BitTorrent and eDonkey traffic originating from our servers. The servers are running Ubuntu 10.04 with stock kernel 2.6.32.16-linode28.

Note that it does not seem to stop encrypted bittorrent traffic, but something's better than nothing.

Code:
## Install the standard build tools ##
apt-get install build-essential

## For Linode - download the kernel & generate headers##
cd /usr/src
wget http://linode.com/src/$(uname -r).tar.bz2
tar xjvf $(uname -r).tar.bz2
ln -sf $(uname -r) linux
cd linux
make prepare

## Install xtables addons ##
apt-get install xtables-addons-common
apt-get install module-assistant
module-assistant auto-install xtables-addons-source
depmod -a

## Add rejection rules to iptables ##

iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --edk -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m ipp2p --bit -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -A FORWARD -m mark --mark 1 -j REJECT

## At this point, iptables-save it into our firewall file ##
## "pre-up iptables-restore < /etc/iptables.rules" is applied to eth0 ##
## in our /etc/network/interfaces file ##
iptables-save  > /etc/iptables.rules
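To make the thread's point concrete (payload fingerprints of the kind ipp2p and l7-filter match catch plaintext BitTorrent on any port but miss encrypted streams, while a port rule misses random ports and hits unrelated services), here is an added Python example that is not from any post above. The fingerprints are well-known protocol constants and every flow is a constructed sample, not captured traffic.

```python
import re
from typing import Optional

# Plaintext BitTorrent fingerprints: the peer handshake starts with a 19-byte
# length prefix and the protocol name; a tracker announce is an HTTP GET that
# carries info_hash=; a DHT query is a bencoded dict opening with a 20-byte id.
# These are well-known protocol constants, not values taken from the thread.
HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"
TRACKER_RE = re.compile(rb"^GET /\S*(announce|scrape)\?\S*info_hash=")
DHT_PREFIX = b"d1:ad2:id20:"

DEFAULT_PORTS = range(6881, 7000)   # the "default" 6881-6999 range quoted above


def classify_payload(payload: bytes) -> Optional[str]:
    """Return the matched BitTorrent fingerprint, or None when nothing matches."""
    if payload.startswith(HANDSHAKE_PREFIX):
        return "bittorrent-handshake"
    if TRACKER_RE.match(payload):
        return "bittorrent-tracker"
    if payload.startswith(DHT_PREFIX):
        return "bittorrent-dht"
    return None


def default_port_match(port: int) -> bool:
    """What a port-only iptables rule would flag."""
    return port in DEFAULT_PORTS


# Constructed sample flows: (description, destination port, first payload bytes).
SAMPLES = [
    ("plain handshake, random port", 51413,
     HANDSHAKE_PREFIX + bytes(8) + b"\x11" * 20 + b"-UT2210-" + b"A" * 12),
    ("tracker announce over port 80", 80,
     b"GET /announce?info_hash=%11%11&peer_id=-UT2210-x&port=51413 HTTP/1.1\r\n"
     b"Host: tracker.invalid\r\n\r\n"),
    ("DHT ping", 6881, DHT_PREFIX + b"\x11" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"),
    ("MSE-encrypted peer stream, default port", 6881, bytes(range(96))),
    ("SSH login on port 6969", 6969, b"SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu4\r\n"),
]


def compare(samples=SAMPLES):
    """For each flow, report what port blocking and payload matching would flag."""
    return [(desc, default_port_match(port), classify_payload(data))
            for desc, port, data in samples]


if __name__ == "__main__":
    for desc, by_port, by_sig in compare():
        print(f"{desc:42} port-rule={by_port!s:5} signature={by_sig}")
```

The encrypted sample is only caught because it happens to sit on a default port, and the SSH sample shows the false positive a port rule produces; neither outcome changes if the client picks a different port, which is the limitation the posts above describe.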


PostPosted: Sat Mar 05, 2011 5:05 am 
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
sliph wrote:
Note that it does not seem to stop encrypted bittorrent traffic, but something's better than nothing.


That could be a problem since last I checked all decent BitTorrent clients use encryption by default.



PostPosted: Sat Mar 05, 2011 5:22 am 
Newbie

Joined: Sat Mar 05, 2011 2:48 am
Posts: 4
Quote:
That could be a problem since last I checked all decent bit torrent clients use encryption by default.

Most of them support it, but not all of them enable it by default. For example, uTorrent - which is my favoritest client - doesn't ( http://www.utorrent.com/faq/features#faq1 ). And apparently, ipp2p can detect BitComet's encryption (or so it claims on http://www.ipp2p.org/news_en.html )...


PostPosted: Mon Mar 07, 2011 11:36 am 
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
I'm not sure if uTorrent enables encryption by default on outgoing connections, but it does enable it on incoming connections by default. In fact, as far as I know, there is no way to disable support for incoming encrypted connections.


PostPosted: Mon Mar 07, 2011 1:08 pm 
Newbie

Joined: Sat Mar 05, 2011 2:48 am
Posts: 4
If you're running a proxy, there are no incoming connections.


PostPosted: Mon Mar 07, 2011 7:51 pm 
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
sliph wrote:
If you're running a proxy, there are no incoming connections.


... Then how are you doing anything?

