-   Linux - Server (
-   -   iptables: Invalid argument (

pk_kala 03-15-2007 05:44 AM

iptables: Invalid argument
I try to install ipp2p on Ubuntu.
after compile kernel to, i follow this
#### IPTABLES Block ipt_ipp2p Network ####
1. Download & Compile
# tar xvfz ipp2p.08.tar.gz
# cd ipp2*
# make
# cp ipt_ipp2p.ko /lib/modules/
# echo "/lib/modules/" >> /lib/modules/
# echo "ipt_ipp2p" >> /etc/modules
# modprobe ipt_ipp2p
# depmod -a
# cp /lib/iptables/

2. Check IPTABLES + P2P
# iptables -m ipp2p --help

3. Make rules
default rules
# iptables -A FORWARD -p tcp -m ipp2p --ipp2p -j DROP
iptables: Invalid argument

How I resolve ?

Thank you

win32sux 03-15-2007 12:11 PM

a few questions: the documentation states that you need to have the iptables source code installed when you compile ipp2p... did you?? was it auto-detected or did you edit the makefile?? were there any warnings or errors when you did the "make"?? when you did the "iptables -m ipp2p --help" did you get the help screen??

pk_kala 03-15-2007 10:25 PM

I download iptables v 1.3.3
and tar and ln -s iptables-1.3.3 /usr/src/iptables

I edit Makefile

IPTABLES_SRC = /usr/src/iptables-1.2.9
IPTABLES_SRC = /usr/src/iptables

when make ipp2p doesn't have error and iptables -m ipp2p --help show

# iptables -m ipp2p --help

iptables v1.3.3

Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)

Either long or short options are allowed.
--append -A chain Append to chain
--delete -D chain Delete matching rule from chain
--delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
--list -L [chain] List the rules in a chain or all chains
--flush -F [chain] Delete all rules in chain or all chains
--zero -Z [chain] Zero counters in chain or all chains
--new -N chain Create a new user-defined chain
-X [chain] Delete a user-defined chain
--policy -P chain target
Change policy on chain to target
-E old-chain new-chain
Change chain name, (moving any references)
--proto -p [!] proto protocol: by number or name, eg. `tcp'
--source -s [!] address[/mask]
source specification
--destination -d [!] address[/mask]
destination specification
--in-interface -i [!] input name[+]
network interface name ([+] for wildcard)
--jump -j target
target for rule (may load target extension)
--goto -g chain
jump to chain with no return
--match -m match
extended match (may load extension)
--numeric -n numeric output of addresses and ports
--out-interface -o [!] output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe=<command> try to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.

IPP2P v0.8.0 options:
--ipp2p Grab all known p2p packets
--edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
--dc [TCP] All known Direct Connect packets
--kazaa [TCP&UDP] All known KaZaA packets
--gnu [TCP&UDP] All known Gnutella packets
--bit [TCP&UDP] All known BitTorrent packets
--apple [TCP] All known AppleJuice packets
--winmx [TCP] All known WinMX
--soul [TCP] All known SoulSeek
--ares [TCP] All known Ares

DEBUG SUPPPORT, use only if you know why
--debug Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER

Note that the follwing options will have the same meaning:
'--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx --soul --ares'

IPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this.
You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets.

See README included with this package for more details or visit

iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP

pk_kala 03-21-2007 04:23 AM

ipp2p 0.8.2 work fine.

sakimustafa 06-23-2007 03:21 AM

ipp2p problem same like you
same condition like you all I have done what you posted. Would
you tell me how you resolved it?

