Re: [LARTC] Blocking p2p traffic

2004-06-20 Thread Will Tatam
try
http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html
Walter Wickersham wrote:
> Greetings, I've searched, found ftwall, and some other commercial solutions, but am
> wondering if anyone on this list has any solutions using a linux firewall to block p2p
> traffic, more specifically Kazaa.
> Walter Wickersham
> ___
> LARTC mailing list / [EMAIL PROTECTED]
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
 


--
Will Tatam

Email / JID [EMAIL PROTECTED]
Web www.netmindz.net
PGP Key www.netmindz.net/will/will_tatam.asc



Re: [LARTC] Blocking p2p traffic

2004-06-08 Thread Horst Graffy
On Tuesday, 8 June 2004 21:15, Walter Wickersham wrote:
> Greetings, I've searched, found ftwall, and some other commercial
> solutions, but am wondering if anyone on this list has any solutions using
> a linux firewall to block p2p traffic, more specifically Kazaa.
>
Hi,

I've integrated ipp2p 
(http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html) in my 
shorewall-firewall (http://www.shorewall.net/) setup:

in /etc/shorewall/start (create the file if not there)
###
# ipp2p
###
echo -n "    starting ipp2p   "

# -I inserts at the top of FORWARD, so each LOG rule (inserted second)
# ends up above its DROP rule and the packet is logged before it is dropped.

# ipp2p for appleJuice
echo -n "(appleJuice) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --apple  -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --apple  -j LOG --log-level 6 \
--log-prefix "ipp2p: appleJuice-traffic "

# ipp2p for dc
echo -n "(DC) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --dc    -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --dc    -j LOG --log-level 6 \
--log-prefix "ipp2p: dc-traffic "

# ipp2p for gnutella
echo -n "(gnutella) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --gnu   -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --gnu   -j LOG --log-level 6 \
--log-prefix "ipp2p: gnutella-traffic "

# ipp2p for eDonkey
echo -n "(eDonkey) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --edk   -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --edk   -j LOG --log-level 6 \
--log-prefix "ipp2p: eDonkey-traffic "

# ipp2p for kazaa
echo -n "(kazaa) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --kazaa -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --kazaa -j LOG --log-level 6 \
--log-prefix "ipp2p: kazaa-traffic "

# ipp2p for BitTorrent (allowed ;)
# A trailing backslash does not continue a shell comment, so the
# --log-prefix line needs its own "#" to stay disabled.
echo -n "(BitTorrent) "
#/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --bit    -j DROP
#/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --bit    -j LOG --log-level 6 \
#--log-prefix "ipp2p: BitTorrent-traffic "

echo ""
echo "    ipp2p started"

and in /etc/shorewall/modules

# ipp2p (p2p Traffic)
    loadmodule ipp2p

works like a charm ;))

I don't use the connmark stuff at the moment, because I have not found the 
time to recompile my kernel

hope this helps
Toni
> Walter Wickersham
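
An added example, not part of the original post: a shell function that tallies the kernel log lines written by the LOG rules in the script above, per source address and protocol, keyed on the `ipp2p: <protocol>-traffic ` prefixes that script sets. The log lines are constructed samples and the names `sample_log` and `ipp2p_summary` are hypothetical.

```shell
#!/bin/sh
# Added example: tally packets logged by the LOG rules in the script above.
# Each rule tags its hits with --log-prefix "ipp2p: <protocol>-traffic ".

# Constructed, abridged sample lines in netfilter LOG layout (not real traffic).
sample_log() {
cat <<'EOF'
Jun  8 21:30:01 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=3345 DPT=1214
Jun  8 21:30:02 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=3346 DPT=1214
Jun  8 21:30:04 fw kernel: ipp2p: eDonkey-traffic IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=4100 DPT=4662
Jun  8 21:30:05 fw sshd[812]: Accepted publickey for admin from 192.168.1.2 port 51514 ssh2
Jun  8 21:30:07 fw kernel: ipp2p: kazaa-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=3350 DPT=1214
Jun  8 21:30:09 fw kernel: ipp2p: dc-traffic IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.8 PROTO=TCP SPT=3360 DPT=411
EOF
}

# ipp2p_summary: read syslog text on stdin and print "<count> <src> <protocol>",
# highest count first. Lines without the ipp2p prefix or a SRC= field are ignored.
ipp2p_summary() {
    awk '
    {
        proto = ""; src = ""
        for (i = 1; i <= NF; i++) {
            # the field after "ipp2p:" is "<protocol>-traffic"
            if ($i == "ipp2p:" && $(i + 1) ~ /-traffic$/) {
                proto = $(i + 1)
                sub(/-traffic$/, "", proto)
            }
            if ($i ~ /^SRC=/) src = substr($i, 5)
        }
        if (proto != "" && src != "") hits[src " " proto]++
    }
    END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -t ' ' -k1,1nr -k2,2 -k3,3
}

sample_log | ipp2p_summary
```

On a live firewall the function would read the file the kernel log is written to, for example `ipp2p_summary < /var/log/messages`; that path is an assumption and depends on the syslog configuration.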


Re: [LARTC] Blocking p2p traffic

2004-06-08 Thread Jason Boxman
On Tuesday 08 June 2004 15:15, Walter Wickersham wrote:
> Greetings, I've searched, found ftwall, and some other commercial
> solutions, but am wondering if anyone on this list has any solutions using
> a linux firewall to block p2p traffic, more specifically Kazaa.

Yes.

If you're using a 2.4.x series kernel, check out IPP2P[1].  You'll also need 
the CONNMARK extension for IPTables.  You can then easily drop p2p traffic.

If you're using a 2.6.x series kernel, check out L7-Filter[2].  You can easily 
drop p2p traffic (and other nifty application level protocol matches) too.

[1] http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html
[2] http://l7-filter.sourceforge.net/

Enjoy!

> Walter Wickersham



[LARTC] Blocking p2p traffic

2004-06-08 Thread Walter Wickersham
Greetings, I've searched, found ftwall, and some other commercial solutions, but am 
wondering if anyone on this list has any solutions using a linux firewall to block p2p 
traffic, more specifically Kazaa.

Walter Wickersham