block p2p traffic

Kaushal Shriyan kaushalshriyan at gmail.com
Tue Jun 8 15:27:46 UTC 2010 

On Mon, Jun 7, 2010 at 2:26 PM, Kaushal Shriyan <kaushalshriyan at gmail.com>wrote:

>
>
> On Sun, Jun 6, 2010 at 6:23 AM, Michael Sanders <dsanders at jsu.edu> wrote:
>
>> I second Paul that is the way to go, once one finds out they have eyes on
>> them, it "can" fix it's self.  We had a problem with an individual serving
>> up files and the big bad record industry sent a letter. That gave us the
>> right to cut the user off. Once turned back on behavior changed.   You will
>> get some flack on the front end but over time a majority of the community
>> will get in line.
>>
>>   Danny Michael Sanders
>>   IT Support Analyst
>>
>> ----- "Paul Graydon" <paul at paulgraydon.co.uk> wrote:
>> > That will help, but realistically you're going to have to block every
>> "high port" to stop P2P through that method.
>> >
>> > The only way to effectively block P2P is to do packet sniffing and
>> analysis.. and that's just one big hassle.
>> >
>> > My belief is this is usually the wrong way to tackle the problem,
>> looking for a technical solution to a human resource problem.
>> > User education (and LARTing if necessary) is the key.  Using software
>> like Cacti to monitor and graph per-port traffic stats, identify the largest
>> bandwidth users and then focus on them and find out just why they're using
>> up so much bandwidth.
>> > It's remarkable just how soon the problem all goes away after you find
>> just one or two individuals who are abusing the network infrastructure and
>> explain to them what the disciplinary procedures are (or enact if it's
>> appropriate and you have concrete evidence.)  The message soon spreads!
>> >
>> > Paul
>> >
>> > On 06/04/2010 05:03 AM, Greyson Farias wrote:
>>
>> Hello,
>> >
>> > You can use these iptables rules, because I don't like, don't use and I
>> don't wanna learn ufw. hehehehehe
>> >
>> > # Block P2P connections
>> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP
>> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP
>> > iptables -A FORWARD -p tcp --dport 1981 -j DROP
>> > iptables -A FORWARD -p udp --dport 1981 -j DROP
>> > iptables -A FORWARD -p tcp --dport 2037 -j DROP
>> > iptables -A FORWARD -p udp --dport 2037 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3501 -j DROP
>> > iptables -A FORWARD -p udp --dport 3501 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3531 -j DROP
>> > iptables -A FORWARD -p udp --dport 3531 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3587 -j DROP
>> > iptables -A FORWARD -p udp --dport 3587 -j DROP
>> > iptables -A FORWARD -p tcp --dport 3955 -j DROP
>> > iptables -A FORWARD -p udp --dport 3955 -j DROP
>> > iptables -A FORWARD -p tcp --dport 4242 -j DROP
>> > iptables -A FORWARD -p udp --dport 4242 -j DROP
>> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP
>> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP
>> > iptables -A FORWARD -p tcp --dport 4688 -j DROP
>> > iptables -A FORWARD -p udp --dport 4688 -j DROP
>> > iptables -A FORWARD -p tcp --dport 5121 -j DROP
>> > iptables -A FORWARD -p udp --dport 5121 -j DROP
>> > iptables -A FORWARD -p tcp --dport 5662 -j DROP
>> > iptables -A FORWARD -p udp --dport 5662 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP
>> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
>> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6699 -j DROP
>> > iptables -A FORWARD -p udp --dport 6699 -j DROP
>> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP
>> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
>> > iptables -A FORWARD -p tcp --dport 8473 -j DROP
>> > iptables -A FORWARD -p udp --dport 8473 -j DROP
>> >
>> >
>> >
>> >
>> > 2010/6/4 Kaushal Shriyan <kaushalshriyan at gmail.com>
>> >
>>>
>>> Hi,
>>> >
>>> > is there a howto for blocking p2p traffic on ubuntu 10.04 server ?
>>> >
>>> > Thanks,
>>> >
>>> > Kaushal
>>> >
>>> > --
>>> > ubuntu-server mailing list
>>> > ubuntu-server at lists.ubuntu.com
>>> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>>> > More info: https://wiki.ubuntu.com/ServerTeam
>>> >
>>
>>
>> >
>>
>> > --
>> > Greyson Farias
>> > Técnico em Informática - CREA/AC 9329TD
>> > Ubuntu user
>> > Eu prefiro receber documentos em ODF.
>> > http://ubuntu.com/download/getubuntu
>> > Blog Ubuntu Acre: http://ubuntu-ac.org
>> >
>>
>>
>> >
>> >
>>
>> --
>> ubuntu-server mailing list
>> ubuntu-server at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
>> More info: https://wiki.ubuntu.com/ServerTeam
>>
>
> Hi Again
>
> I did followed http://www.debian-administration.org/articles/562
> when i run the make command i get http://pastebin.ubuntu.com/445975/
>
> Please suggest/guide.
>
> Thanks,
>
> Kaushal
>
Hi,

For the benefit of others in this email thread, I did followed this steps

#apt-get install xtables-addons-common
#module-assistant --verbose --text-mode auto-install xtables-addons
#modprobe xt_ipp2p

I added the below line at the end of /etc/init.d/shorewall and restarted
shorewall, it worked.

/sbin/iptables -I OUTPUT -m ipp2p --kazaa --edk --gnu --dc --bit --apple
--winmx --soul --ares -j DROP; /sbin/iptables -I INPUT -m ipp2p --kazaa
--edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP; /sbin/iptables
-I FORWARD -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul
--ares -j DROP

I did iptables -L | grep ipp2p it showed up the below entries.

DROP       all  --  anywhere             anywhere            ipp2p --edk
--dc --gnu --kazaa --bit --apple --soul --winmx --ares
DROP       all  --  anywhere             anywhere            ipp2p --edk
--dc --gnu --kazaa --bit --apple --soul --winmx --ares
DROP       all  --  anywhere             anywhere            ipp2p --edk
--dc --gnu --kazaa --bit --apple --soul --winmx --ares

I checked on shorewall irc channel, they said its not a correct method to
add the below line in /etc/init.d/shorewall

/sbin/iptables -I OUTPUT -m ipp2p --kazaa --edk --gnu --dc --bit --apple
--winmx --soul --ares -j DROP; /sbin/iptables -I INPUT -m ipp2p --kazaa
--edk --gnu --dc --bit --apple --winmx --soul --ares -j DROP; /sbin/iptables
-I FORWARD -m ipp2p --kazaa --edk --gnu --dc --bit --apple --winmx --soul
--ares -j DROP

Please suggest/guide further and let me know the correct and the best
practices to block ipp2p traffic

Thanks and Regards

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100608/0840b20b/attachment.html>

More information about the ubuntu-server mailing list