How do I block the Blizzard downloader?

Discussion in 'Tomato Firmware' started by Jedis, Jul 18, 2009.

  1. Jedis

    Jedis LI Guru Member

    It's making my network slow to a crawl.

    I already added the ports it uses to QoS and added them to the Lowest classification (E) on the list, but it still isn't enough.

    How do I block the ports it uses completely?

    Code:
    To 192.168.1.101
    TCP/UDP
    IPP2P: All IPP2P filters	E	Block P2P Incoming
    
    TCP/UDP
    Port: 6112	E	Blizzard Downloader
    
    TCP/UDP
    Port: 6881-6999	E	Blizzard Downloader2
    
    TCP/UDP
    Port: 3724	E	Blizzard Downloader3
     
  2. bogderpirat

    bogderpirat Network Guru Member

    maybe an access restriction that blocks tcp/udp src and dst ports 6881-6999?
     
  3. i1135t

    i1135t Network Guru Member

    You could try adding this to your firewall script assuming that you have that network device on the static DHCP list:
    Code:
    iptables -A INPUT -s 192.168.1.101 -p tcp --sport 6881:6999 -j DROP
    iptables -A INPUT -s 192.168.1.101 -p tcp --sport 6112 -j DROP
    iptables -A INPUT -s 192.168.1.101 -p tcp --sport 3724 -j DROP
    iptables -A OUTPUT -s 192.168.1.101 -p udp --sport 6881:6999 -j DROP
    iptables -A OUTPUT -s 192.168.1.101 -p udp --sport 6112 -j DROP
    iptables -A OUTPUT -s 192.168.1.101 -p udp --sport 3724 -j DROP
    Reboot after save and test... :)
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The INPUT and OUTPUT chains wouldn't be traversed at all in this case. I think you want the FORWARD chain...
     
  5. i1135t

    i1135t Network Guru Member

    Wouldn't the forward chain be for packets destined for network devices outside his LAN?
     
  6. Jedis

    Jedis LI Guru Member

    Is there a consensus on which chain to use? :)
     
  7. Planiwa

    Planiwa LI Guru Member


    Informed Consensus?
    Read The Friendly Manual!
    Skip the other kind.
     
  8. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Well, I assumed that the blizzard servers aren't on his LAN :wink:

    The INPUT chain is only used for packets originating on the router, and the OUTPUT chain is only used for packets destined for the router.

    The FORWARD chain is for packets that are just being forwarded through the router. This includes all Internet traffic from LAN devices.
     
  9. RonWessels

    RonWessels Network Guru Member

    Actually, according to the iptables FAQ, this is exactly reversed. The INPUT chain is used for packets destined for the router (i.e. input to the router) while the OUTPUT chain is used for packets originating on the router (i.e. output from the router).
     
  10. Jedis

    Jedis LI Guru Member

    Let me know when you guys decide which I should use ;)

    Appreciate the help!
     
  11. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Yeah, that's what I meant to type. I started describing the output chain first, then decided to do it in the opposite order, but I didn't transpose enough. I guess I need to go get some sleep...

    But, in any case, my point is the same, INPUT and OUTPUT are for packets with the router as an endpoint. Unless the router is the blizzard server, the rules posted previously will do zero good.
     
  12. i1135t

    i1135t Network Guru Member

    Yeah, I just tested it and it does appear that the INPUT and OUTPUT chains are for the router, and router alone, not the entire LAN. Some of the documentation for iptables is confusing and the only way to know for sure is to test it in the real world.

    Anyways, the FORWARD chain is what you want Jedis. Try this:
    Code:
    iptables -I FORWARD -s 192.168.1.101 -p tcp --dport 6881:6999 -j DROP
    iptables -I FORWARD -s 192.168.1.101 -p tcp --dport 6112 -j DROP
    iptables -I FORWARD -s 192.168.1.101 -p tcp --dport 3724 -j DROP
    iptables -I FORWARD -s 192.168.1.101 -p udp --dport 6881:6999 -j DROP
    iptables -I FORWARD -s 192.168.1.101 -p udp --dport 6112 -j DROP
    iptables -I FORWARD -s 192.168.1.101 -p udp --dport 3724 -j DROP
     
  13. Jedis

    Jedis LI Guru Member

    Thanks. It worked a bit too well, unfortunately.

    It not only blocked the downloader, but blocked playing WoW completely. I had to unblock 6112 & 3724 to get WoW working again.
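
The chain question settled in this thread, as an added example that is not from any poster: a small shell model of which filter chain a packet traverses, run over the rule sets discussed (the INPUT attempt, the FORWARD rules, and FORWARD with only 6881:6999 left). The router addresses, remote hosts and the one-line rule shorthand are constructed for illustration, and the model ignores NAT port forwards.

```shell
#!/bin/sh
# Added example. Router and remote addresses are constructed; the rule
# format "CHAIN SRC PROTO sport|dport PORTS" is a made-up shorthand.
ROUTER_ADDRS="192.168.1.1 203.0.113.10"   # router LAN and WAN address

is_router() { for a in $ROUTER_ADDRS; do [ "$a" = "$1" ] && return 0; done; return 1; }

# chain_for SRC DST: filter chain a packet traverses (no DNAT modelled)
chain_for() {
  if is_router "$2"; then echo INPUT      # addressed to the router
  elif is_router "$1"; then echo OUTPUT   # generated by the router
  else echo FORWARD; fi                   # routed through it
}

# in_range PORT SPEC: SPEC is N or N:M as in --sport/--dport
in_range() { [ "$1" -ge "${2%%:*}" ] && [ "$1" -le "${2##*:}" ]; }

# verdict RULES SRC DST PROTO SPORT DPORT: DROP on first match, else ACCEPT
verdict() {
  rules=$1 src=$2 dst=$3 proto=$4 sport=$5 dport=$6
  chain=$(chain_for "$src" "$dst")
  hit=$(printf '%s\n' "$rules" | while read -r c s p field ports; do
    [ "$c" = "$chain" ] && [ "$s" = "$src" ] && [ "$p" = "$proto" ] || continue
    if [ "$field" = sport ]; then port=$sport; else port=$dport; fi
    if in_range "$port" "$ports"; then echo DROP; break; fi
  done)
  echo "${hit:-ACCEPT}"
}

# TCP rules from the thread in the shorthand above (UDP rows left out)
RULES_INOUT='INPUT 192.168.1.101 tcp sport 6881:6999
INPUT 192.168.1.101 tcp sport 6112
INPUT 192.168.1.101 tcp sport 3724'
RULES_FWD='FORWARD 192.168.1.101 tcp dport 6881:6999
FORWARD 192.168.1.101 tcp dport 6112
FORWARD 192.168.1.101 tcp dport 3724'
RULES_FWD_P2P='FORWARD 192.168.1.101 tcp dport 6881:6999'  # 6112, 3724 unblocked

# Constructed packets from the PC: one to a peer, one to a game server
P2P="192.168.1.101 198.51.100.7 tcp 50000 6881"
GAME="192.168.1.101 198.51.100.20 tcp 50001 3724"
for name in RULES_INOUT RULES_FWD RULES_FWD_P2P; do
  eval "r=\$$name"
  echo "$name: p2p=$(verdict "$r" $P2P) game=$(verdict "$r" $GAME)"
done
```

The INPUT rules accept both packets because neither is addressed to the router; the three FORWARD rules drop both, and keeping only 6881:6999 drops the peer connection while the game server connection passes.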
     