Could you make this script smaller?

Discussion in 'Tomato Firmware' started by eRd12, Mar 29, 2007.

  1. eRd12

    eRd12 LI Guru Member

    Hi, this is my first post here and I have a question. How do you deal with torrents? These programs make a lot of connections and could kill other things. I have a good script for it which doesn't allow so many connections, but for the range of IPs I need it looks like this:
    Code:
    iptables -I FORWARD -p udp -s 192.168.1.2 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.2 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.3 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.3 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.4 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.4 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.5 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.5 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.6 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.6 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.7 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.7 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.8 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.8 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.9 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.9 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.10 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.10 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.11 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.11 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.12 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.12 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.13 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.13 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.14 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.14 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.15 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.15 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.16 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.16 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.17 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.17 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.18 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.18 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.19 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.19 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.20 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.20 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.21 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.21 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.22 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.22 -m limit --limit 3/s -j ACCEPT
    iptables -I FORWARD -p udp -s 192.168.1.23 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.23 -m limit --limit 3/s -j ACCEPT
    We know that a script should be as short as possible. I only know that I should use the iprange function, but I tried and it doesn't work how it should, though the approach must be right. Maybe somebody has an idea how to make it take only two lines, for example?
     
  2. mikester

    mikester Network Guru Member

    I'm not an iptables "expert" but doesn't the following work?

    iptables -I FORWARD -p udp -s 192.168.1.0/24 -j DROP
    iptables -I FORWARD -p udp -s 192.168.1.0/24 -m limit --limit 3/s -j ACCEPT

    With respect to blocking all torrents, I found setting up an access restriction to filter all (1) P2P and Torrent, plus (2) a keyword restriction to block the following words helps:

    torrent
    announce
     
  3. eRd12

    eRd12 LI Guru Member

    So ... robsonn helped me.
    The script should look like this:

    Code:
    iptables -I FORWARD -p udp -m iprange --src-range 192.168.1.2-192.168.1.23 -j DROP 
    iptables -I FORWARD -p udp -m iprange --src-range 192.168.1.2-192.168.1.23 -m limit --limit 3/s -j ACCEPT
    You say that you blocked all torrents completely, but I only want to make them last in the queue and not dangerous.
    Could you share your settings? A screenshot, etc.?
     
  4. mikester

    mikester Network Guru Member

    I completely block torrents/P2P.

    If you want to allow torrents/P2P and rate limit them try using QOS with the default class at lowest. Also check out the FAQ on setting the number of Maximum Connections.

    There's a thread somewhere here for a program you can download to write custom scripts for rate limiting. Try searching "WRT script generator".
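
Added example, not part of any post in this thread: the `limit` match keeps one token bucket per rule, so a single iprange or /24 rule pair shares 3/s across every matched host, while the original 44 lines gave each host its own 3/s. The loop below emits the per-host pairs from a few lines of script; the function name `gen_udp_limit_rules` and its arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: generate the per-host UDP limit rules from the first post
# with a loop instead of 44 hand-written lines.
# gen_udp_limit_rules is a hypothetical helper, not a Tomato or iptables command.
# Usage: gen_udp_limit_rules PREFIX FIRST LAST RATE
gen_udp_limit_rules() {
    prefix=$1 first=$2 last=$3 rate=$4

    # Reject empty or non-numeric host numbers before doing arithmetic on them.
    for n in "$first" "$last"; do
        case $n in
            ''|*[!0-9]*)
                echo "first and last must be integers" >&2
                return 1 ;;
        esac
    done

    # Keep the range inside usable host addresses of a /24.
    if [ "$first" -lt 1 ] || [ "$last" -gt 254 ] || [ "$first" -gt "$last" ]; then
        echo "range must satisfy 1 <= first <= last <= 254" >&2
        return 1
    fi

    i=$first
    while [ "$i" -le "$last" ]; do
        # -I inserts at the top of the chain, so the DROP is emitted first
        # and the rate-limited ACCEPT ends up above it, as in the original.
        echo "iptables -I FORWARD -p udp -s $prefix.$i -j DROP"
        echo "iptables -I FORWARD -p udp -s $prefix.$i -m limit --limit $rate -j ACCEPT"
        i=$((i + 1))
    done
}

# Review the generated rules, then apply them from the firewall script:
#   gen_udp_limit_rules 192.168.1 2 23 3/s | sh
```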
     
