Blocking Kazaa with iptables
 

Hey guys, I just found these forumns, and all i can say is WOW! I'm used to car forums like this, but finally i found a linux one!

anyway, on to the question!

I'm a admin for a company and were trying to block kazaa. I've tried blocking its ports, but it keeps shifting its ports that it uses. Its really smart program. Anyway, i did a ethereal dump and noticed that the header of the login packet begins with "KaZaa" or something like it. Isn't there a stateful packet checking in iptables that'll allow you to search for strings and then just drop the packet?

Could someone throw up some code or point me in the right direction? thankx!

Welcome to LQ.

I'm a admin for a company
...and even if you're not an admin you should have done two things in advance:
- Set up or adapt your companies' network policies to explicitly deny P2P usage and connections to P2P networks. If you don't do this then it will take just another hole in the policy, another codehead and another app 'til your bandwidth drops again. It also gives you something to enforce, which else will only be done at random or only when detected.
- Read up on filtering: Netfilter *does* include (still experimental?) string match support. If that ain't what you're looking for, see Snort(.org) for Snort ("X-Kazaa" P2P rules) + Guardian (gives Snort Netfilter blocking caps) or (Google for) the LARTC site for bandwidth shaping.

Btw, since this is your first post here it would be good to mention you can also search LQ for the term kazaa+block.
Kinda neat, innit.