On Tue, 2013-03-26 at 21:53 +0200, Dmitry Korzhevin wrote:
> Hi,
>
> I'm using Debian 6.0.7 x86_64. I have installed xtables with xt_ipp2p
> and seems I did something wrong, because my rules don't drop
> bittorrent traffic.

My gut instinct is it's not working because ipp2p is old software and may not match the bittorrent stream that you are using.

> 1 33 2970 ACCEPT all -- eth0 * 10.2.0.2
> 0.0.0.0/0 policy match dir in pol ipsec reqid 116 proto 50
> 2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0
> 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50
> 3 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p --bit

Nonetheless, given that the default policy is ACCEPT, why not just delete rules 1 and 2 to check whether that is the problem?

Are you forwarding the bittorrent traffic to another machine or downloading it locally? I see that you are using rules in both the INPUT and FORWARD chains.

Andy
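
The check suggested in the reply above, as an added example that is not part of the original message: it reads rule rows in the `iptables -L -v -n --line-numbers` layout and, for every DROP or REJECT rule whose packet counter is still zero, lists the earlier ACCEPT rules that did see traffic. A zero counter means either one of those rules accepted the packets first or the match (here ipp2p) never fired, so the listed rules are the ones to rule out. The sample rows are constructed from the three rules quoted in the message and are assumed to belong to one chain; the function names are hypothetical.

```python
import re

# Constructed sample: the three rules quoted in the message, unwrapped to one
# row per rule and assumed to sit in a single chain.
LISTING = """\
num pkts bytes target prot opt in out source destination
1 33 2970 ACCEPT all -- eth0 * 10.2.0.2 0.0.0.0/0 policy match dir in pol ipsec reqid 116 proto 50
2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50
3 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --bit
"""

# Without -x, iptables abbreviates large counters with decimal suffixes.
UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}


def parse_count(text):
    """Turn a counter such as '33' or '12K' into an integer."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", text)
    if m is None:
        raise ValueError(f"not an iptables counter: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_rules(listing):
    """Return (rule number, packet count, target) for each rule row."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].isdigit():
            continue  # chain header, column header or blank line
        rules.append((int(fields[0]), parse_count(fields[1]), fields[3]))
    return rules


def unhit_drops(rules):
    """Map each zero-hit DROP/REJECT rule to the earlier ACCEPT rules with hits."""
    report, accepts_with_hits = {}, []
    for num, pkts, target in rules:
        if target in ("DROP", "REJECT") and pkts == 0:
            report[num] = list(accepts_with_hits)
        elif target == "ACCEPT" and pkts > 0:
            accepts_with_hits.append(num)
    return report


if __name__ == "__main__":
    for drop, accepts in unhit_drops(parse_rules(LISTING)).items():
        print(f"rule {drop}: 0 packets; earlier ACCEPT rules with hits: {accepts}")
```
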