This is what I use. It disables torrents, emule, dc++. Kazaa.. don't know. But this can be used even over port 80 or, much simpler, over an http tunnel. Be advised that BitComet and Azureus clients use a different range of ports. You have to look for them yourself. They are not included here.

--Adrian.

#cutoff emule/torrent
iptables -A FORWARD -p tcp -m multiport --dports 6881,6882,6883,6884,6885,6886,6887,6888,6889,1214 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 6881,6882,6883,6884,6885,6886,6887,6888,6889,1214 -j REJECT
iptables -A FORWARD -p tcp -m multiport --dports 6346,6347 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 6346,6347 -j REJECT
iptables -A FORWARD -p tcp -m multiport --dports 4711,4665,4661,4672,4662,8080,9955 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 4711,4665,4661,4672,4662,8080,9955 -j REJECT
iptables -A FORWARD -p tcp --dport 4242:4299 -j REJECT
iptables -A FORWARD -p udp --dport 4242:4299 -j REJECT
iptables -A FORWARD -p tcp --dport 6881:6999 -j REJECT
iptables -A FORWARD -p udp --dport 6881:6999 -j REJECT

On Mon, 22 Nov 2004 08:39:38 -0500, Adam Lang <aalang@xxxxxxxxxxxxxxxxxxxx> wrote:
> Two ways to go about it.
>
> First, block ALL outgoing ports and open only those needed to work (port 80
> from the Squid machine, etc.)
>
> Second, have management reprimand the people that have these programs
> installed on their computers. If they continue them, management has to take
> action. Also, they should put out a definitive policy on such use first and
> then give a "week amnesty period".
>
> The only truly effective way to deal with such programs is through
> management. Put will find out emule isn't so great when it costs them their
> jobs.
>
>
> ----- Original Message -----
> From: "Luca Ferrari" <fluca1978@xxxxxxxxxxx>
> To: <linux-admin@xxxxxxxxxxxxxxx>
> Sent: Monday, November 22, 2004 5:27 AM
> Subject: how to protect against peer-to-peer?
>
>
> > Hi,
> > in my network users are increasing the amount of peer-to-peer traffic (e-mule,
> > winmx), how can I deny the above traffic? I'm using iptables and squid on my
> > linux firewall, but I don't know if there's a specific port to lock or
> > something else I can use to recognize the "bad" packet in the network
> > traffic.
> >
> > Thanks,
> > Luca
> > --
> > Luca Ferrari,
> > fluca1978@xxxxxxxxxxx
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> > the body of a message to majordomo@xxxxxxxxxxxxxxx
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
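The rule set Adrian posted is a pure destination-port list, so its real coverage is easy to audit offline before loading it into a FORWARD chain. The script below is an added example, not code from the thread or from anyone on the list: it parses the rule lines exactly as posted, expands the multiport lists and port ranges, and reports which ports each protocol rejects, which ports are hit by more than one rule (the 6881-6889 list is fully contained in the 6881:6999 range), and which well-known non-P2P ports get rejected as collateral (8080 is in the emule list, and it is also the usual alternate HTTP/proxy port, so ordinary web traffic to 8080 is cut off too). The COMMON_SERVICES table and the helper names are assumptions made for this example; nothing here calls iptables or touches the kernel.

```python
"""Offline audit of a port-based iptables REJECT list (added example).

Parses `iptables -A FORWARD ... --dport(s) ... -j REJECT` lines, expands
port lists/ranges, and reports coverage, redundancy and collateral damage.
"""
import shlex
from collections import defaultdict

# Rule lines copied verbatim from Adrian's mail.
RULES = """
#cutoff emule/torrent
iptables -A FORWARD -p tcp -m multiport --dports 6881,6882,6883,6884,6885,6886,6887,6888,6889,1214 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 6881,6882,6883,6884,6885,6886,6887,6888,6889,1214 -j REJECT
iptables -A FORWARD -p tcp -m multiport --dports 6346,6347 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 6346,6347 -j REJECT
iptables -A FORWARD -p tcp -m multiport --dports 4711,4665,4661,4672,4662,8080,9955 -j REJECT
iptables -A FORWARD -p udp -m multiport --dports 4711,4665,4661,4672,4662,8080,9955 -j REJECT
iptables -A FORWARD -p tcp --dport 4242:4299 -j REJECT
iptables -A FORWARD -p udp --dport 4242:4299 -j REJECT
iptables -A FORWARD -p tcp --dport 6881:6999 -j REJECT
iptables -A FORWARD -p udp --dport 6881:6999 -j REJECT
"""

# Constructed (assumed) table of ports that ordinary, non-P2P traffic uses.
# A REJECT on any of these is collateral damage the admin should know about.
COMMON_SERVICES = {80: "http", 443: "https", 8080: "http-alt (proxies)"}


def expand_ports(spec):
    """iptables port syntax -> set of ints: '6881,6882,1214' or '4242:4299'."""
    ports = set()
    for part in spec.split(","):
        if ":" in part:
            lo, hi = (int(x) for x in part.split(":", 1))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(part))
    return ports


def parse_rule(line):
    """(proto, ports, target) for one blocking port rule, or None otherwise."""
    argv = shlex.split(line)
    proto, ports, target = None, set(), None
    i = 0
    while i < len(argv):
        opt = argv[i]
        if opt in ("-p", "--protocol"):
            proto = argv[i + 1]
            i += 2
        elif opt in ("--dport", "--dports", "--destination-port", "--destination-ports"):
            ports |= expand_ports(argv[i + 1])
            i += 2
        elif opt in ("-j", "--jump"):
            target = argv[i + 1]
            i += 2
        else:
            i += 1
    if proto is None or not ports or target not in ("REJECT", "DROP"):
        return None
    return proto, ports, target


def parse_rules(text):
    """All port-blocking rules in the text, in the order they would be loaded."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and shell comments
        parsed = parse_rule(line)
        if parsed:
            rules.append(parsed)
    return rules


def blocked_ports(rules):
    """proto -> set of destination ports rejected by at least one rule."""
    table = defaultdict(set)
    for proto, ports, _ in rules:
        table[proto] |= ports
    return dict(table)


def is_blocked(table, proto, port):
    return port in table.get(proto, set())


def overlapping_ports(rules):
    """proto -> ports matched by more than one rule (redundant entries)."""
    hits = defaultdict(lambda: defaultdict(int))
    for proto, ports, _ in rules:
        for port in ports:
            hits[proto][port] += 1
    return {proto: {p for p, n in cnt.items() if n > 1} for proto, cnt in hits.items()}


def collateral(table, services=COMMON_SERVICES):
    """Sorted (proto, port, service) triples where a common service port is rejected."""
    return sorted((proto, port, name)
                  for proto, ports in table.items()
                  for port, name in services.items() if port in ports)


if __name__ == "__main__":
    rules = parse_rules(RULES)
    table = blocked_ports(rules)
    for proto in sorted(table):
        print(f"{proto}: {len(table[proto])} destination ports rejected")
    print("overlapping:", {k: sorted(v) for k, v in overlapping_ports(rules).items()})
    print("collateral:", collateral(table))
```

Run it as-is to audit the posted list; to check a different rule set, paste its lines into RULES. The union comes to 187 ports per protocol, and the collateral report is the part worth reading before deploying: port 80 passes (which is why Adrian notes the rules do nothing against P2P tunnelled over HTTP), but 8080 does not.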