LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-15-2008, 07:40 PM   #1
packets
Member
 
Registered: Oct 2005
Posts: 339

Rep: Reputation: 32
How to block p2p using iptables


I have a small server here in out office with only 3GB hard drive so installing a proxy server is impossible besides it was also running in an Pentium 2.

It's purpose is to act as firewall and do a NAT. My problem is how do I block p2p such as Limewire in our local network? Can anyone such give an idea or at least a simple command
 
Old 04-15-2008, 08:00 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Depends. If the situation allows a network policy or AUP to be used then it would be easier to monitor for anomalous traffic (addresses, ports, volume) and "teach" offenders "respect" for others properties. Combine with or replace by white-listing (firewall, proxy) accomplishes about the same by forcing only acceptable (addresses, ports) egress traffic. Else there's the Layer 7 iptables filters (see Sourceforge.net). Else there's Snort (inline?) / Community / Bleeding Edge P2P signatures. I'm probably forgetting something.
 
Old 04-16-2008, 12:16 AM   #3
madumadu
LQ Newbie
 
Registered: Feb 2008
Posts: 6

Rep: Reputation: 0
Hi buddy, This is an issue ive been studing for a very long time and i came up with a cheap solution, which has never failed me. with IPtables u need first
1. to have your linux machine running a transparent proxy and also force everyone to pass through it.
2. create an acl group, with DENY as the main thing,next create a file which the acl referees to and what ever u put in the file any name, believe me the content will be blocked and u will get results as shown from the squid logs:-

1208281184.947 0 192.168.0.5 TCP_DENIED/403 1484 GET http://streamrotator/thumbs/l/5853.jpg - NONE/- text/html
1208281184.953 5 192.168.0.5 TCP_DENIED/403 1486 GET http://streamrotator/thumbs/c/10489.jpg - NONE/- text/html
 
Old 04-16-2008, 12:17 AM   #4
packets
Member
 
Registered: Oct 2005
Posts: 339

Original Poster
Rep: Reputation: 32
Thanks, but like I said. Squid is impossible since its only running under 3GB harddrive
 
Old 04-16-2008, 04:33 AM   #5
crashmeister
Senior Member
 
Registered: Feb 2002
Distribution: t2 - trying to anyway
Posts: 2,541

Rep: Reputation: 47
There is an article here and you could also try l7-filter.

Dunno how well those work since P2P is the last thing I'd like to block :-)
 
Old 04-16-2008, 10:47 AM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by packets View Post
Thanks, but like I said. Squid is impossible since its only running under 3GB harddrive
What does the 3GB hard drive have anything to do with? A Squid binary package will probably weigh about 1MB, and once installed Squid doesn't have to use the hard drive for cache if you don't want to. And if you do want it to, you can configure exactly how much it should use. I'm not saying Squid is the solution to your problem, but if the only reason you aren't trying it is because you think your hard disk is stopping you then you are missing-out. Also, a Pentium II CPU is perfectly fine for Squid, but as with any CPU, it depends on the amount of clients, concurrent connections, etc.

Last edited by win32sux; 04-16-2008 at 10:49 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables p2p block jibskg Linux - Security 8 05-17-2010 02:27 AM
using squid to block p2p yawe_frek Linux - Software 2 08-15-2007 10:58 AM
iptables-p2p - Instalation problems | How to block p2p with iptables Woping Linux - Networking 0 03-14-2006 12:56 PM
iptables how to block p2p (missing ipp2p) Neze Linux - Networking 1 02-01-2005 01:33 PM
block p2p tcby Linux - Security 1 10-28-2001 10:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration