John R Pierce wrote:
> On 05/02/11 6:31 AM, Kai Schaetzl wrote:
>> Correct. The easy solution is to ban bittorrent and other P2P services.
>
> not as easy as it sounds. those services are remarkably agile at
> dodging firewall rules
>

P2P always happens on much higher ports and if you create rules that block destination ports higher than 1024, with exceptions of VNC, etc ports, you can pretty much limit abuse.

Also worth noting is an iptables rule for limiting the number of connections for those higher ports, and using HTB bandwidth limiting with giving priority to regular traffic.

Ljubomir, 7 years small WISP.
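The port policy described in the message above, written out as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset for a forwarding gateway. The interface name, the per-host limit, the exception ports and the reading that the connection limit applies to the excepted high ports are assumptions; the HTB shaping is not covered.

```shell
#!/bin/sh
# Added example (not from the original post). Prints an iptables-restore
# ruleset for a forwarding gateway; nothing is applied by this script.
# Assumed values: LAN interface name, per-host limit, exception ports.

build_rules() {
    lan_if=$1; limit=$2; shift 2
    # Validate every exception port before emitting anything.
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -le 1024 ] || [ "$port" -gt 65535 ]; then
            echo "exception must be 1025-65535: $port" >&2; return 1
        fi
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Replies to already-permitted flows pass first.
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Regular services on destination ports up to 1024 stay open.
    for proto in tcp udp; do
        echo "-A FORWARD -i $lan_if -p $proto --dport 1:1024 -j ACCEPT"
    done
    # Excepted high ports (e.g. VNC): cap new connections per source host.
    for port in "$@"; do
        echo "-A FORWARD -i $lan_if -p tcp --syn --dport $port -m connlimit --connlimit-above $limit -j REJECT --reject-with tcp-reset"
        echo "-A FORWARD -i $lan_if -p tcp --dport $port -j ACCEPT"
    done
    # Everything else above 1024 is refused.
    echo "-A FORWARD -i $lan_if -p tcp --dport 1025:65535 -j REJECT --reject-with tcp-reset"
    echo "-A FORWARD -i $lan_if -p udp --dport 1025:65535 -j REJECT"
    echo 'COMMIT'
}
```

`build_rules eth1 20 5900 | iptables-restore --test` parses the ruleset without loading it. Loading it for real replaces the whole filter table.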