1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Block all P2P app

Discussion in 'Tomato Firmware' started by peyton, Nov 13, 2008.

  1. peyton

    peyton LI Guru Member

    Hi there,

    I'll have to put a router for a friend of mine who has to put network in an association and i just wanna know what ip adress do we have to put in "Application Limit" to block all iPP2P for all IP.

    Do i have to let 0.0.0.0 and it will take all the ranges or not ?

    Thanks.
     
  2. peyton

    peyton LI Guru Member

    Anyone ? uh ?
     
  3. srouquette

    srouquette Network Guru Member

    I don't think it's possible to block P2P, because a user can choose a random port, and he can encrypt the connection which will render the layer 7 useless.
    well, for bittorrent at least...
     
  4. peyton

    peyton LI Guru Member

    I don't care about the random port, it's for an association, i assume they're not able to use encrypted connexion for P2P and i would like to use the app limit : All IPP2P.

    You don't really gave me an answer. :rolleyes:
    I just wanna know what IP do i have to put to apply the restriction to everyone in my lan/wlan.
     
  5. FRiC

    FRiC LI Guru Member

    In the "Applies To" field, just select All Computers/Devices to block everyone, or choose one of the other options and put in whatever IP's or IP ranges you want.

    But as the other guy said, blocking it is one thing, but whether the block actually works is another thing. (It never worked for me.)
     
  6. peyton

    peyton LI Guru Member

  7. FRiC

    FRiC LI Guru Member

    I see now you're using a modified version of Tomato. Maybe you can try asking in that thread instead, or mark this thread more clearly...
     
  8. wdca

    wdca LI Guru Member

    Hi peyton!
    I did not tested the Applimit at all. It's from the conanxu mod.
    If it doesn't work try simply to add the startup scripts this lines.
    Code:
    iptables -I FORWARD -m ipp2p --ipp2p -j DROP
    iptables -I FORWARD -m layer7 --l7proto 100bao -j DROP
    iptables -I FORWARD -m layer7 --l7proto gnutella -j DROP
    iptables -I FORWARD -m layer7 --l7proto torrent -j DROP
    ....
    
    And so on.
    See the protocol names at l7-filter.sf.net.
    It should block COMPLETELY mostly common used p2p clients.
    Good luck!
     
  9. i1135t

    i1135t Network Guru Member

    Actually thanks, but tried it and doesn't work either... I did discover that by deleting the UPnP connections for "LimewireXXX" connections pretty much made it near to impossible to download after doing that. So the question is... is there a way to automatically delete any UPnP connection that matches "Limewire" in the description area?

    If there is that would probably work... at least for Limewire/frostwire :)
     
  10. peyton

    peyton LI Guru Member

    Disable the UPnP will actually match but you'll have to open some ports manually. :eek:

    I haven't try the iptables lines yet.
     
  11. i1135t

    i1135t Network Guru Member

    Well, of course that would do it, but my point was to keep UPnP up, but have a script automatically check every minute to kill any UPnP connections that matches xxx. That would work...
     
  12. mikester

    mikester Network Guru Member

    Adding the following keywords under access restriction will help put a damper on the torrents:

    announce
    torrent
     

Share This Page