SSCR Internet Admin wrote:
Hi, I am experimenting on how to stop torrent downloads, but when a torrent client has already established a connection, it doesn't drop the packets at all. I hope someone could share a thought or two about my approach...

1. Run squid in transparent mode

2. I run this iptables command...

#Reroute all ports to port 3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to 192.168.100.1:3128
Target to use is REDIRECT not DNAT. Or on systems with appropriately patched kernel TPROXY target is available. <snip remaining list of ports>
4. I have found these logs in cache.log

2007/10/23 13:47:42| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:42| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:42| clientReadRequest: FD 137 (192.168.100.61:3907) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 89 (192.168.100.61:3908) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 152 (192.168.100.61:3909) Invalid

I don't know if this experiment also exists, but it's a good way; maybe someone could make a patch that blocks torrents or p2p apps based on the cache.log results.
Better yet. The dev team is looking for somebody interested in adding full Torrent support to squid. That would entail adding settings and ACL to configure access/denial properly.
Amos
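An added example, not from this thread or from the squid project, of using the cache.log lines quoted above for detection rather than blocking: squid writes the "Unsupported method" line before the clientReadRequest line that names the client socket, so the parser holds the method until its client line arrives and then counts rejected BitTorrent handshakes per client IP. The log excerpt is constructed to match the format quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample cache.log excerpt, modelled on the lines quoted in the thread.
SAMPLE_LOG = """\
2007/10/23 13:47:42| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:42| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:42| clientReadRequest: FD 137 (192.168.100.61:3907) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 89 (192.168.100.61:3908) Invalid Request
2007/10/23 13:47:50| parseHttpRequest: Unsupported method 'FOO'
2007/10/23 13:47:50| clientReadRequest: FD 12 (192.168.100.77:4001) Invalid Request
2007/10/23 13:48:01| clientReadRequest: FD 14 (192.168.100.80:4100) Invalid Request
"""

# Timestamp is "YYYY/MM/DD HH:MM:SS" followed by "| " and the squid function name.
METHOD_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\| parseHttpRequest: Unsupported method '(?P<method>[^']*)'")
CLIENT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\| clientReadRequest: FD \d+ "
    r"\((?P<ip>[\d.]+):(?P<port>\d+)\) Invalid Request")


def parse_invalid_requests(text):
    """Yield (timestamp, client_ip, method) for each request squid rejected.

    The method line carries no client address, so it is held in `pending`
    until the clientReadRequest line for the same socket shows up.  A
    clientReadRequest line with no preceding method line yields method None.
    """
    pending = None
    for line in text.splitlines():
        m = METHOD_RE.match(line)
        if m:
            pending = m.group("method")
            continue
        c = CLIENT_RE.match(line)
        if c:
            yield c.group("ts"), c.group("ip"), pending
            pending = None


def bittorrent_clients(text):
    """Count rejected BitTorrent handshakes per client IP."""
    counts = Counter()
    for _ts, ip, method in parse_invalid_requests(text):
        if method == "BitTorrent":
            counts[ip] += 1
    return counts


if __name__ == "__main__":
    for ip, n in bittorrent_clients(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} rejected BitTorrent handshake(s)")
```

Only connections that the nat rule actually redirected to squid appear here; a flow established before the rule was inserted keeps its existing conntrack mapping and never reaches the proxy.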