similar to: Contact for iptables-extension "ipp2p"?

Hi, can anybody comment on the cost of matching with IPP2P vs. Layer7. Also, does a iptables rule with more complicated matching mechanism also slow down processing if all the packets are matched before they reach the rule. I.e. is the mere existence of a potentially costly rule already slowing down processing or only if packets are actually processed by it? Thanks very much in advance.

HI I have a bridge running ipp2p blocking Ares traffic and others protocols. This bridge works fine buts since two weeks can''t block Ares traffic. All protocols block fine but Ares not (upload and download). Somebody are using ipp2p blocking the latest Ares version ? My system settings are: kernel : 2.6.13 iptables: 1.3.3 ipp2p: 0.81 rc1 iptables -L -v output: Chain FORWARD

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS

Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not

Subject almost says it all, I wonder if there is a way for me to use iptables matches like l7 and/or ipp2p match in a bridge ( one ethernet in and one ethernet out ) ? Regards.

re I would like to do some firewalling and p2p shaping/limiting on one of the vlans in my network and I was thinking of using linux box as transparent bridged firewall/limiter. For this I''m planning to use AMD64 2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on

Hi all, I have found problems in p2p traffic detection. The ipp2p module works fine but in shorewall the rules written for this protocols never match because the initials p2p connection (login) match in ''-m state --state RELATED,ESTABLISHED -j ACCEPT'' rule before ''-m ipp2p --ipp2p -j DROP'' rule, so netfilter never filter p2p traffic. I have had to run

After varying degrees of success with p2p detection modules, I would like to write the following rules using iptables to reliably identify p2p traffic: 1. If a host on the network has 5 or more simutaneous tcp connections to ports above 1024, mark all connections to ports 1024 and above as 60. 2. If a host has received (or sent) UDP packets from 5 different hosts'' ports above 1024 in a

Hello, I guess a few of you know about the iptables-p2p project at the http://sourceforge.net/projects/iptables-p2p site. This suite has an excellent filter of which I use today and its running very smoothly. The main reason why I use this is because I desperately need to block torrents. IPP2P does not do this at this time (it seems to me in the doc at least). Is it maybe some way we could merge

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

Hello every body: I have RedHat fedora core 2 machine, using iptables and squid. I am having a lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have installed ipp2p from rpm. Every thing was ok until I use iptables rules. I get this error. [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP iptables: No chain/target/match by that name sames

Hi all !!! I have a firewall bridge (not router) with two nics that filter p2p with ipp2p. All works fine but now I need to add a third nic to route all p2p traffic through this nic. It is that possible with a bridge ? Later (with other server) connect to this nic I do loading balancing with two adsl lines to route all p2p traffic. Any hint ? Any howto ? Thanks in advance. roberto --

Hi all I''m new in this list and i hope to lear and to help if possible. But firt i need help :-( I have this messege in my syslog when my classes and qdiscs goes down. Can any one know what does it mean? Thnx in advance. Yannick Arrimadas Bot Oct 14 16:09:27 pototogorri kernel: HTB init, kernel part version 3.17 Oct 14 16:09:27 pototogorri kernel: Unable to handle kernel paging

Hi, I want to block Yahoo Messenger, MSN messanger and Kazza with IPTABLES as my local network users always go there. How Can I do it? I am not runnig iptables as a script nor have I put anything in my rc.local. But instaed, I input the commands and save it by using the below cmmand /etc/init.d/iptables save and I restart it /etc/init.d/iptables restart My box runs on Cent OS 4.4. Help

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Im getting into tc. How can I control P2P (peer to peer) traffic??? which filters??? any ideas??? Hugonik

Hi, I''ve a linux as router nat + firewall (POLICY DROP for INPUT OUTPUT and FORWARD) but, I''ve put next rules for p2p software on FORWARD chain [... snip ... ] iptables -F FORWARD iptables -P FORWARD DROP iptables -A FORWARD -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -p tcp --dport 25 -j ACCEPT [... snip ... ] iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT iptables -A

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

Hi, A, B and C are three machines. A and C directly access to theInternet while B access to the Internet through A. +-------------------------------------------------------------+ | +-------------+ +-------------+ | | | A | | B | | | | | --- eth0 ---> <--- eth0 --- | | | | | 192.168.0.1