04-15-2008, 07:40 PM
|
#1
|
Member
Registered: Oct 2005
Posts: 339
|
How to block p2p using iptables
I have a small server here in our office with only a 3GB hard drive, so installing a proxy server is impossible; besides, it is also running on a Pentium 2.
Its purpose is to act as a firewall and do NAT. My problem is how do I block p2p such as Limewire in our local network? Can anyone give an idea or at least a simple command?
|
|
|
04-15-2008, 08:00 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Depends. If the situation allows a network policy or AUP to be used then it would be easier to monitor for anomalous traffic (addresses, ports, volume) and "teach" offenders "respect" for others' properties. Combining with or replacing by white-listing (firewall, proxy) accomplishes about the same by forcing only acceptable (addresses, ports) egress traffic. Else there's the Layer 7 iptables filters (see Sourceforge.net). Else there's Snort (inline?) / Community / Bleeding Edge P2P signatures. I'm probably forgetting something.
|
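The egress white-listing mentioned in post #2, as an added example that is not part of the thread or any poster's configuration: a shell function that prints the iptables commands for a default-deny FORWARD chain on a NAT gateway. The function name `gen_egress_rules`, the interface names, the subnet and the port lists are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) iptables commands
# for a default-deny egress policy on the FORWARD chain of a NAT gateway.
# Usage: gen_egress_rules LAN_IF WAN_IF LAN_NET TCP_PORTS UDP_PORTS
gen_egress_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3 tcp_ports=$4 udp_ports=$5

    # The output is meant to be fed to a shell, so reject empty or odd input.
    for v in "$lan_if" "$wan_if" "$lan_net" "$tcp_ports" "$udp_ports"; do
        [ -n "$v" ] || { echo "missing argument" >&2; return 1; }
    done
    case "$lan_if$wan_if" in
        *[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case "$lan_net" in
        *[!0-9./]*) echo "bad network" >&2; return 1 ;;
    esac
    # multiport takes a comma-separated list of at most 15 ports per rule.
    case "$tcp_ports$udp_ports" in
        *[!0-9,]*) echo "ports must be digits and commas" >&2; return 1 ;;
    esac

    cat <<EOF
# Only the filter table's FORWARD chain is changed; existing NAT rules stay.
iptables -P FORWARD DROP
iptables -F FORWARD
# Replies to connections that were allowed out.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New outbound connections only to the listed destination ports.
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp -m multiport --dports $tcp_ports -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp -m multiport --dports $udp_ports -j ACCEPT
# Log what the DROP policy is about to discard, for spotting offenders.
iptables -A FORWARD -i $lan_if -m limit --limit 6/min -j LOG --log-prefix "egress-denied: "
EOF
}

# Constructed sample values: eth1 = LAN, eth0 = uplink, web/mail/DNS/NTP only.
gen_egress_rules eth1 eth0 192.168.0.0/24 80,443,25,110,53 53,123
```

A port white-list does not stop a P2P client that is configured to use an allowed port such as 80, which is the gap the l7-filter and Snort signatures named in the thread address.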
|
|
04-16-2008, 12:16 AM
|
#3
|
LQ Newbie
Registered: Feb 2008
Posts: 6
|
Hi buddy, this is an issue I've been studying for a very long time and I came up with a cheap solution, which has never failed me. With iptables you need first:
1. To have your Linux machine running a transparent proxy and also force everyone to pass through it.
2. Create an acl group, with DENY as the main thing. Next, create a file which the acl refers to, and whatever you put in the file, any name, believe me, the content will be blocked and you will get results as shown from the Squid logs:
1208281184.947 0 192.168.0.5 TCP_DENIED/403 1484 GET http://streamrotator/thumbs/l/5853.jpg - NONE/- text/html
1208281184.953 5 192.168.0.5 TCP_DENIED/403 1486 GET http://streamrotator/thumbs/c/10489.jpg - NONE/- text/html
|
|
|
04-16-2008, 12:17 AM
|
#4
|
Member
Registered: Oct 2005
Posts: 339
Original Poster
|
Thanks, but like I said, Squid is impossible since it's only running on a 3GB hard drive.
|
|
|
04-16-2008, 04:33 AM
|
#5
|
Senior Member
Registered: Feb 2002
Distribution: t2 - trying to anyway
Posts: 2,541
|
There is an article here and you could also try l7-filter.
Dunno how well those work since P2P is the last thing I'd like to block :-)
|
|
|
04-16-2008, 10:47 AM
|
#6
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by packets
Thanks, but like I said, Squid is impossible since it's only running on a 3GB hard drive.
|
What does the 3GB hard drive have to do with anything? A Squid binary package will probably weigh about 1MB, and once installed Squid doesn't have to use the hard drive for cache if you don't want it to. And if you do want it to, you can configure exactly how much it should use. I'm not saying Squid is the solution to your problem, but if the only reason you aren't trying it is because you think your hard disk is stopping you then you are missing out. Also, a Pentium II CPU is perfectly fine for Squid, but as with any CPU, it depends on the amount of clients, concurrent connections, etc.
Last edited by win32sux; 04-16-2008 at 10:49 AM.
|
|
|