Hi, Andrew!

Thank you for the answer! But I'm testing this netfilter module according to various internet howtos, where people claim that this module can block bittorrent traffic.

The server where I am trying to apply this module and other iptables rules is a VPN access server.

I think maybe the problem is in ACCEPT rules 1 and 2:

1 33 2970 ACCEPT all -- eth0 * 10.2.0.2 0.0.0.0/0 policy match dir in pol ipsec reqid 116 proto 50
2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50

But these rules are inserted automatically by the strongswan ipsec daemon after my connection.

26.03.2013 23:28, Andrew Beverley wrote:
> On Tue, 2013-03-26 at 21:53 +0200, Dmitry Korzhevin wrote:
> > Hi,
> >
> > I'm using Debian 6.0.7 x86_64. I have installed xtables with xt_ipp2p and seems I did something wrong, because my rules don't drop bittorrent traffic.
>
> My gut instinct is it's not working because ipp2p is old software and may not match the bittorrent stream that you are using.
>
> > 1 33 2970 ACCEPT all -- eth0 * 10.2.0.2 0.0.0.0/0 policy match dir in pol ipsec reqid 116 proto 50
> > 2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50
> > 3 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --bit
>
> Nonetheless, given that the default policy is ACCEPT, why not just delete rules 1 and 2 to check whether that is the problem?
>
> Are you forwarding the bittorrent traffic to another machine or downloading it locally? I see that you are using rules in both the INPUT and FORWARD chains.
>
> Andy

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg
e: dmitry.korzhevin@xxxxxxxxxx
m: +38 093 874 5453
w: http://www.stidia.com
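
Added example, not written by either participant in this thread: iptables walks a chain top-down and stops at the first terminating target, so one way to check the rule-order question raised above is to list the terminating rules that sit ahead of the ipp2p rule together with their packet counters. `shadow_report` and `ipp2p_unreached` are hypothetical helper names, and the sample input is constructed from the three rules quoted in the thread.

```shell
#!/bin/sh
# Constructed sample: the three rules quoted in the thread, in the column layout of
# `iptables -L <chain> -v -n -x --line-numbers` (num pkts bytes target ...).
SAMPLE='1 33 2970 ACCEPT all -- eth0 * 10.2.0.2 0.0.0.0/0 policy match dir in pol ipsec reqid 116 proto 50
2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0 10.2.0.2 policy match dir out pol ipsec reqid 116 proto 50
3 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p --bit'

# shadow_report: read a numbered rule listing on stdin. For the first rule that
# uses the ipp2p match, print every earlier terminating rule and its packet count:
#   before <num> <target> pkts=<n>
#   ipp2p  <num> <target> pkts=<n>
shadow_report() {
    awk '
        $1 !~ /^[0-9]+$/ { next }      # skip chain title and column header lines
        / ipp2p / {
            print "ipp2p", $1, $4, "pkts=" $2
            exit                        # later rules cannot shadow this one
        }
        $4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT" {
            print "before", $1, $4, "pkts=" $2
        }
    '
}

# ipp2p_unreached: exit 0 when the ipp2p rule has matched zero packets while at
# least one earlier terminating rule has a non-zero counter; exit 1 otherwise.
ipp2p_unreached() {
    shadow_report | awk '
        $1 == "before" { split($4, a, "="); if (a[2] + 0 > 0) hit = 1 }
        $1 == "ipp2p"  { split($4, a, "="); zero = (a[2] + 0 == 0) }
        END { exit !(hit && zero) }
    '
}

# Run the report on the constructed sample; on a live host, pipe the output of
# the iptables listing command named above into shadow_report instead.
printf '%s\n' "$SAMPLE" | shadow_report
```

A zero counter on the ipp2p rule fits either explanation raised in the thread (earlier ACCEPT rules taking the packets, or ipp2p not recognizing the stream), so the report narrows where to look rather than settling the question.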