Alchemy1.0: How2 block P2P traffic using iptables/l7

Discussion in 'Sveasoft Firmware' started by user23, May 29, 2005.

  1. user23

    user23 Network Guru Member

    Hi,

    As I don't want my wireless clients to use filesharing software I enabled the "Block services" filter without any luck (I still see the connections via syslog).
    So I used the rc_startup and rc_firewall scripts to get the newest patterns and insert them into iptables. Still no luck :(

    So - is it possible to block programs like Kazaa, Gnutella and so on and if yes - how :) ?

    Thanks for your help.

    [Edit]
    All "filesharing clients" are connected through a second wrt54g using WDS.
    -> Should the filtering also be done on this second router?
    -> Is there something different in this case with a WDS network?
     
  2. dotinfo

    dotinfo Network Guru Member

    How did you try to block them? I use the following and it works... OK...

    Code:
    /usr/sbin/iptables -I FORWARD -m ipp2p --ipp2p -j DROP
    
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto directconnect -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto fasttrack -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto applejuice -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto audiogalaxy -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto bittorrent -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto gnucleuslan -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto gnutella -j DROP 
    /usr/sbin/iptables -t mangle -I PREROUTING -p tcp -m layer7 --l7dir /etc/l7-protocols/protocols --l7proto live365 -j DROP
     