In theory, for all p2p traffic matched by ipp2p you only need the "--ipp2p" parameter, not the rest you put.
You could use this:
#FIRST allow your net p2p traffic:
iptables -A FORWARD -d mynet -m ipp2p --ipp2p -j ACCEPT
iptables -A FORWARD -s mynet -m ipp2p --ipp2p -j ACCEPT
#Next, drop not your net p2p traffic:
iptables -A FORWARD -m ipp2p --ipp2p -j DROP
If these don't work (I remember that some months ago I tested it and it didn't work fine), you'll need many rules, one per p2p type of traffic, like this:
iptables -A FORWARD -d mynet -m ipp2p --bit -j ACCEPT
iptables -A FORWARD -s mynet -m ipp2p --bit -j ACCEPT
iptables -A FORWARD -m ipp2p --bit -j DROP
iptables -A FORWARD -d mynet -m ipp2p --apple -j ACCEPT
iptables -A FORWARD -s mynet -m ipp2p --apple -j ACCEPT
iptables -A FORWARD -m ipp2p --apple -j DROP
...
iptables -A FORWARD -d mynet -m ipp2p --soul -j ACCEPT
iptables -A FORWARD -s mynet -m ipp2p --soul -j ACCEPT
iptables -A FORWARD -m ipp2p --soul -j DROP
Or if you don't want to write much, you can use:
export p2p_list="bit apple ... soul"
for i in ${p2p_list}; do
iptables -A FORWARD -d mynet -m ipp2p --$i -j ACCEPT
iptables -A FORWARD -s mynet -m ipp2p --$i -j ACCEPT
iptables -A FORWARD -m ipp2p --$i -j DROP
done
> Roberto Pereyra wrote:
>> Hi
>>
>> I am using ipp2p to block p2p traffic.
>>
>> How can I enable p2p for my host in my net?
>>
>> I am using this setup:
>>
>> iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP
>>
>>
>> This setup:
>>
>> iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul
>> --ares -d ! mynet -j DROP
>>
>> iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul
>> --ares -s ! mynet -j DROP
>>
>>
>> does not work ....
>
> Don't know really as I don't use ipp2p - but you could just match and
> return/accept mynet traffic before the ipp2p rules are hit.
>
> Andy.
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
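The approach from the reply above (accept mynet's p2p traffic before the blanket DROP, one rule set per ipp2p protocol option) as an added example that is not from the thread: the rules are printed into a dedicated chain instead of applied, so the order can be checked before loading them as root. The network address and the P2P chain name are constructed values; the protocol options are the ones the thread uses.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an ipp2p rule set that accepts
# p2p traffic to/from a local network before dropping all other p2p traffic.
# Pipe the output through "sh" as root to load it. Assumes the ipp2p match
# offers the options used in the thread (--ipp2p, --bit, --apple, ..., --soul).

gen_p2p_rules() {
    net="$1"; shift
    # Own chain so rule order is explicit and "iptables -F P2P" clears it all.
    echo "iptables -N P2P"
    # With no protocol list, fall back to the catch-all --ipp2p option.
    [ $# -eq 0 ] && set -- ipp2p
    for proto in "$@"; do
        # Local network first: both ACCEPTs must precede the DROP for the
        # same match, otherwise the DROP wins for everyone.
        echo "iptables -A P2P -d $net -m ipp2p --$proto -j ACCEPT"
        echo "iptables -A P2P -s $net -m ipp2p --$proto -j ACCEPT"
        echo "iptables -A P2P -m ipp2p --$proto -j DROP"
    done
    # Insert at position 1 so the chain runs before any existing FORWARD rule.
    echo "iptables -I FORWARD 1 -j P2P"
}

# Reads a rule list on stdin; exits 0 only if every DROP for a protocol
# option comes after two ACCEPT rules for that same option.
check_order() {
    awk '
        /-j ACCEPT/ { match($0, /--[a-z0-9]+ -j/)
                      seen[substr($0, RSTART, RLENGTH - 3)]++ }
        /-j DROP/   { match($0, /--[a-z0-9]+ -j/)
                      if (seen[substr($0, RSTART, RLENGTH - 3)] < 2) bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

gen_p2p_rules 192.168.1.0/24 bit apple winmx soul ares | check_order && echo "order ok"
```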