Tuesday, March 22, 2011

Block Commonly Used Torrent Clients on a Linux Gateway

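#!/bin/bash
#
# Throttle and port-block common P2P clients on a Linux gateway (IPv4 only).
#
# Usage: run with privileges that allow iptables changes. Set IN_IF to
# override the inbound interface (defaults to eth0, as in the original rules).
#
# Reviewer notes:
#   * Every rule is added with -I, which places it at the head of its chain.
#     The resulting chain order is therefore the reverse of the order below,
#     and all of these rules sit in front of whatever the chain already held.
#   * Matching on well-known ports only catches clients left on their default
#     ports; a client moved to another port is not matched by those rules.
#     The connlimit rules are the only part that is independent of port.
#   * Re-running the script does not stack duplicates: each rule is checked
#     with -C first (needs an iptables build that supports -C/--check).
#   * Rules are not persistent; save them with iptables-save or the
#     distribution's own mechanism. IPv6 (ip6tables) is not covered.

set -u

# Interface whose forwarded traffic is filtered.
# NOTE(review): presumably the LAN-facing side of the gateway -- confirm.
IN_IF="${IN_IF:-eth0}"

# Set to 1 when any rule cannot be installed; used as the exit status.
rc=0

# Insert a rule at the head of a chain unless an identical rule exists.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   0 if the rule is present afterwards, non-zero otherwise
insert_once() {
  local table=$1 chain=$2
  shift 2
  # -C succeeds only when an identical rule is already installed; stderr is
  # discarded because "no such rule" is the expected answer on a first run.
  if iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    return 0
  fi
  iptables -t "$table" -I "$chain" "$@"
}

# Add a REJECT rule to filter/FORWARD for traffic arriving on IN_IF.
# REJECT is used without --reject-with, so the sender gets the default ICMP
# port-unreachable reply (for TCP, --reject-with tcp-reset is the alternative).
# Arguments: match options placed between "-i IN_IF" and "-j REJECT"
fwd_reject() {
  if ! insert_once filter FORWARD -i "$IN_IF" "$@" -j REJECT; then
    printf 'failed to add FORWARD rule: %s\n' "$*" >&2
    rc=1
  fi
}

# --- Connection limits -------------------------------------------------------
# No --connlimit-mask is given, so connlimit counts per individual source
# address. These limits apply to all forwarded traffic from IN_IF, not only
# P2P: above 25 connections to any port (1 and up), above 5 to ports 1024 and
# up. TCP is checked on new connections only (--syn); the UDP rules have no
# such restriction and are evaluated for every packet.
fwd_reject -p tcp --syn --dport 1: -m connlimit --connlimit-above 25
fwd_reject -p tcp --syn --dport 1024: -m connlimit --connlimit-above 5
fwd_reject -p udp --dport 1: -m connlimit --connlimit-above 25
fwd_reject -p udp --dport 1024: -m connlimit --connlimit-above 5

# --- Invalid packets ---------------------------------------------------------
# Drops every packet conntrack classifies as INVALID. This is not specific to
# P2P: mangle/PREROUTING sees all incoming packets on every interface,
# including those addressed to the gateway itself.
if ! insert_once mangle PREROUTING -m conntrack --ctstate INVALID -j DROP; then
  printf 'failed to add mangle PREROUTING INVALID drop\n' >&2
  rc=1
fi

# --- Blubster / Piolet peer-list download ------------------------------------
# Rejects all forwarded HTTP (tcp/80) to 128.121.0.0/16, whatever the client.
# NOTE(review): the range is hard-coded from the 2011 post; verify who holds
# it today before deploying, since unrelated sites in that /16 are blocked too.
fwd_reject -p tcp --dport 80 -d 128.121.0.0/16

# --- Per-application default ports -------------------------------------------
# The --sport rules also reject any forwarded flow that merely happens to use
# that source port, whatever application owns it.

# eDonkey
fwd_reject -p tcp --dport 4662
fwd_reject -p tcp --sport 4662

# Limewire, Morpheus, Bearshare
fwd_reject -p tcp --dport 6346:6347
fwd_reject -p tcp --sport 6346:6347
fwd_reject -p udp --dport 6346:6347
fwd_reject -p udp --sport 6346:6347

# eMule
fwd_reject -p udp --dport 4672
fwd_reject -p udp --sport 4672

# BitTorrent
fwd_reject -p tcp --dport 6881:6889
fwd_reject -p tcp --sport 6881:6889
fwd_reject -p udp --dport 6881:6889
fwd_reject -p udp --sport 6881:6889

# WinMX
fwd_reject -p tcp --dport 6699
fwd_reject -p tcp --sport 6699
fwd_reject -p udp --dport 6699
fwd_reject -p udp --sport 6699

# Non-zero when at least one rule failed, so callers can tell a partially
# applied ruleset from a complete one.
exit "$rc"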
