block p2p traffic
Paul Graydon
paul at paulgraydon.co.uk
Fri Jun 4 18:05:42 UTC 2010

That will help, but realistically you're going to have to block every
"high port" to stop P2P through that method.

The only way to effectively block P2P is to do packet sniffing and
analysis... and that's just one big hassle.

My belief is this is usually the wrong way to tackle the problem,
looking for a technical solution to a human resource problem.

User education (and LARTing if necessary) is the key. Using software
like Cacti to monitor and graph per-port traffic stats, identify the
largest bandwidth users and then focus on them and find out just why
they're using up so much bandwidth.

It's remarkable just how soon the problem all goes away after you find
just one or two individuals who are abusing the network infrastructure
and explain to them what the disciplinary procedures are (or enact if
it's appropriate and you have concrete evidence.) The message soon spreads!

Paul

On 06/04/2010 05:03 AM, Greyson Farias wrote:
> Hello,
>
> You can use these iptables rules, because I don't like, don't use and
> I don't wanna learn ufw. hehehehehe
>
> # Block P2P connections
> iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
> iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
> iptables -A FORWARD -p tcp --dport 1981 -j DROP
> iptables -A FORWARD -p udp --dport 1981 -j DROP
> iptables -A FORWARD -p tcp --dport 2037 -j DROP
> iptables -A FORWARD -p udp --dport 2037 -j DROP
> iptables -A FORWARD -p tcp --dport 3501 -j DROP
> iptables -A FORWARD -p udp --dport 3501 -j DROP
> iptables -A FORWARD -p tcp --dport 3531 -j DROP
> iptables -A FORWARD -p udp --dport 3531 -j DROP
> iptables -A FORWARD -p tcp --dport 3587 -j DROP
> iptables -A FORWARD -p udp --dport 3587 -j DROP
> iptables -A FORWARD -p tcp --dport 3955 -j DROP
> iptables -A FORWARD -p udp --dport 3955 -j DROP
> iptables -A FORWARD -p tcp --dport 4242 -j DROP
> iptables -A FORWARD -p udp --dport 4242 -j DROP
> iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
> iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
> iptables -A FORWARD -p tcp --dport 4688 -j DROP
> iptables -A FORWARD -p udp --dport 4688 -j DROP
> iptables -A FORWARD -p tcp --dport 5121 -j DROP
> iptables -A FORWARD -p udp --dport 5121 -j DROP
> iptables -A FORWARD -p tcp --dport 5662 -j DROP
> iptables -A FORWARD -p udp --dport 5662 -j DROP
> iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
> iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
> iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
> iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
> iptables -A FORWARD -p tcp --dport 6699 -j DROP
> iptables -A FORWARD -p udp --dport 6699 -j DROP
> iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
> iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
> iptables -A FORWARD -p tcp --dport 8473 -j DROP
> iptables -A FORWARD -p udp --dport 8473 -j DROP
>
>
>
> 2010/6/4 Kaushal Shriyan <kaushalshriyan at gmail.com>
>
> Hi,
>
> is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>
> Thanks,
>
> Kaushal
>
> --
> Greyson Farias
> IT Technician - CREA/AC 9329TD
> Ubuntu user
> I prefer to receive documents in ODF.
> http://ubuntu.com/download/getubuntu
> Blog Ubuntu Acre: http://ubuntu-ac.org
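
Added example, not part of the original thread: a sketch of the "identify the largest bandwidth users" step from the reply above, ranking switch ports by average throughput between two counter polls and allowing for 32-bit SNMP counter wrap. The function names, the snapshot file format, the port names and all counter values are constructed for illustration.

```shell
#!/bin/sh
# Rank switch ports by average throughput between two counter snapshots.
# Assumed snapshot format (hypothetical, one port per line):
#   <port> <in_octets> <out_octets>
# e.g. values exported from SNMP ifInOctets/ifOutOctets polls.

# top_talkers OLD_FILE NEW_FILE INTERVAL_SECONDS [N]
# Prints "<port> <kbit/s>" for the N busiest ports, busiest first.
top_talkers() {
    awk -v secs="$3" '
        function delta(new, old) {
            # Counter32 wraps at 2^32; assume at most one wrap per interval.
            return (new >= old) ? new - old : new + 4294967296 - old
        }
        # First file: remember the old counters for each port.
        NR == FNR { in_old[$1] = $2 + 0; out_old[$1] = $3 + 0; next }
        # Second file: only ports present in both snapshots are rated.
        ($1 in in_old) {
            octets = delta($2 + 0, in_old[$1]) + delta($3 + 0, out_old[$1])
            printf "%s %d\n", $1, octets * 8 / secs / 1000
        }
    ' "$1" "$2" | sort -k2,2nr | head -n "${4:-3}"
}

# Constructed sample: two polls taken 300 seconds apart.
demo() {
    old=$(mktemp) new=$(mktemp)
    cat > "$old" <<'EOF'
Gi0/1 1000000 2000000
Gi0/2 4294000000 500000
Gi0/3 100 100
Gi0/4 7000000 7000000
EOF
    cat > "$new" <<'EOF'
Gi0/1 4000000 2750000
Gi0/2 36532704 500000
Gi0/3 37600 100
Gi0/4 7375000 7000000
EOF
    top_talkers "$old" "$new" 300 3
    rm -f "$old" "$new"
}

demo
```

Port Gi0/2 comes out on top even though its inbound counter went down between polls, because the drop is treated as a wrap rather than as negative traffic.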