Re: how to block kazaa ?

On Tuesday 25 February 2003 09:44 pm, inghau@perkom.co.id wrote:
> hello
>
> i have some problems in my lan environment. most of my clients are using
> kazaa to download mp3 and mpg files. these programs are eating most of my
> small bandwidth, so can i put some rules to "block" kazaa and
> other p2p programs?
>
> right now my linux box just acts as a very simple NAT router using
> iptables
>
>
> thank you very much

If you want simply to keep them from working, then the answer is to DROP 
traffic in the FORWARD chain to/from the ports used for server or peer 
communication.  For Gnutella/Limewire/Morpheus and kin, this means:

iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP

for EDonkey & Overnet:

iptables -A FORWARD -p tcp --dport 4660:4666 -j DROP
iptables -A FORWARD -p udp --dport 4660:4666 -j DROP

for older Kazaa apparently this suffices:

iptables -A FORWARD -p tcp --dport 1214 -j DROP
iptables -A FORWARD -p udp --dport 1214 -j DROP

But newer implementations apparently support port-hopping, so it seems 
that the only confirmed way to stop it with iptables is with the STRING 
match from patch-o-matic, and block anything with the string "kazaa" 
(don't recall case requirements) in it.  Compiling a custom 
kazaa-blocking kernel may be more than you want to do, though.

If you want to be 'polite' then use the REJECT target instead of DROP, at 
least for connections initiated from the LAN.  If you want to be 
thorough, then LOG the traffic, find out who it is, and beat the kazaa 
out of them with a keyboard... :^)

Also, if the primary bottleneck is outbound, you might find that using 
the mangle table in PREROUTING to set TOS for certain desirable traffic 
and enacting the pfifo queuing discipline will help a great deal, i.e. change 
TOS to a favorable value (0x10 perhaps) for specific traffic like HTTP, 
SMTP, POP3, IMAP or any VNC or such, and set TOS to a 'bulk 
traffic' value (0x02 for example) for the remainder, or for the P2P 
traffic if it is identifiable.  The pfifo qdisc will always send the 
0x10 traffic, and send 0x02 only if there is nothing else waiting to be 
sent.

j
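The ruleset the reply sketches (LOG, then REJECT for LAN-initiated connections and DROP for the rest, plus the TOS marking in the mangle table), written out as an added example; it is not the poster's own script. The interface name, LAN subnet and log prefix are assumptions, and it only echoes the commands unless IPT=iptables is set.

```sh
#!/bin/sh
# Added example, not the original poster's script. Builds the FORWARD
# blocking rules and the PREROUTING TOS marking described in the mail.
# Dry run by default (IPT="echo iptables"); set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
LAN_IF="${LAN_IF:-eth1}"                # assumption: LAN-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # assumption: LAN subnet

# Port ranges named in the thread: Gnutella, eDonkey/Overnet, old Kazaa.
P2P_PORTS="6346:6347 4660:4666 1214"

# One port range: rate-limited LOG first (so the admin can see who it is),
# REJECT for connections from the LAN (the "polite" option), DROP the rest.
block_p2p_port() {
    range="$1"
    for proto in tcp udp; do
        $IPT -A FORWARD -s "$LAN_NET" -p "$proto" --dport "$range" \
            -m limit --limit 6/min --limit-burst 10 \
            -j LOG --log-prefix "P2P-BLOCK: "
        $IPT -A FORWARD -s "$LAN_NET" -p "$proto" --dport "$range" -j REJECT
        $IPT -A FORWARD -p "$proto" --dport "$range" -j DROP
    done
}

# TOS marking: interactive/mail traffic gets Minimize-Delay (0x10), which
# the default pfifo_fast qdisc puts in band 0; anything still unmarked gets
# Minimize-Cost (0x02), band 2, sent only when the other bands are empty.
set_tos() {
    for port in 80 25 110 143 5900; do       # HTTP SMTP POP3 IMAP VNC
        $IPT -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$port" \
            -j TOS --set-tos 0x10
    done
    $IPT -t mangle -A PREROUTING -i "$LAN_IF" -m tos --tos 0x00 \
        -j TOS --set-tos 0x02
}

apply_rules() {
    for r in $P2P_PORTS; do block_p2p_port "$r"; done
    set_tos
}

apply_rules
```

Check the dry-run output first; the LOG rule is rate-limited so a busy client cannot flood the syslog while you find out who it is.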