similar to: Solution for blocking kazaa with iptables

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

The version of the ''firewall'' script in CVS (/Shorewall project) is capable of integration with p2pwall (http://p2pwall.sourceforge.net). The ''rules'' file in CVS contains updated help information. The ''releasenotes.txt'' file in CVS gives the simple instructions for setting up Shorewall to work with p2pwall. Note: I have confirmed that

10/30/2003 - Shorewall 1.4.8 RC1 Given the small number of new features and the relatively few lines of code that were changed, there will be no Beta for 1.4.8. I am particularly interested in people testing: a) The interface to ''ftwall'' b) Handling of <zone>_frwd chains (those of you who had problems with 1.4.7b or that have reported extra rules in these chains).

Currently at: http://shorewall.net/pub/shorewall/shorewall-1.4.8 ftp://shorewall.net/pub/shorewall/shorewall-1.4.8 Coming soon to a mirror near you. This is a minor release of Shorewall. Problems Corrected since version 1.4.7: 1) Tuomo Soini has supplied a correction to a problem that occurs using some versions of ''ash''. The symptom is that "shorewall start"

On 5/27/05, gypsy <gypsy@iswest.com> wrote: > > > Yeah, I know what it means. > > Where did you get your esfq patch from? I downloded it from http://www.ssi.bg/~alex/esfq/<http://www.ssi.bg/%7Ealex/esfq/> What kernel version? If your kernel is 2.6 then get this patch: > http://kem.p.lodz.pl/~peter/qnet/ <http://kem.p.lodz.pl/%7Epeter/qnet/> > >

Stephen, This REALLY needs to be fixed in the code; tc should reject as a syntax error any "add filter" command that does not include a "prio" parameter. It also needs to be documented. === From LARTC mailing list === > Dear list, > After much code crunching and beating my head against the wall > (literally), I discovered the faulty code. Thanks mostly to

i am using ipp2p module (v 0.6) from http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html I have tried it on kazaa and e-donkey connections. Unfortunately, I am interesting in limiting kazaa traffic, which this modules seems not to work right with it. (Kazza traffic is not identified most of the cases....). Has anyone tried this kazza bandwidth control???

If you have a working proxyARP setup, will you please post it? I''ve tried to insert a Linux box between the DSL connection and the switch, but I''m getting nowhere. Everything works correctly when all the servers in this network use the switch to get to the DSL. Any box directly connected to the DSL also works correctly. http://www.sjdjweis.com/linux/proxyarp/ makes it sound

I do not how to use match string to deny kazaa traffic, if I put the word kazaa only http content is deny but the kazaa aplication is running, are there special commands to match string? thanks _________________________________________________________________ Charla con tus amigos en línea mediante MSN Messenger: http://messenger.microsoft.com/es

HTB: class htb 1:40 parent 1:1 leaf 40: prio 3 rate 358Kbit ceil 529Kbit \ burst 6Kb cburst 2260b Sent 145871726 bytes 97293 pkts (dropped 69, overlimits 0) rate 56741bit 37pps backlog 23p lended: 77429 borrowed: 19841 giants: 0 I would like to increase "backlog" because I think that would decrease "dropped". 23 packets of 1500 bytes each is only 34,500 bytes. IMO, there

I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11

Hi All, I cross compiled and run tc in arm platform. When I tried executing it I got this error. tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 mpu 64 RTNETLINK answers: Invalid argument Is there something I''m missing here... Thanks. Grace _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl

(i sent the same message from another email acount, that isn''t memberlist. sorry) Hi Everyone..!! i''m beginner in tc with htb, i''m use to limit public, and nat ip clients, i''m to add to one of my server and get this error: > tc qdisc add dev eth0 root handle 1: htb default 10 Unknown qdisc "htb", hence option "default" is unparsable

Hi I have been playing with tc. I''m using htb and sfq. I tried to setup shaping of every ip address within a /20. I found that there must be an upper limit of about 2096 on the number of rules (classes, qdiscs or filters). I was testing a /20 which gives 4096 classes, qdiscs and filters. I''m using hashkey to optimize processing of frames. When executing the script below - it

I have need to use HTB on multiple (5) IPs. The present setup has the DSL connection going to a switch and then each computer with an external IP configures the external interface to listen on that IP. I have had TERRIBLE luck trying to use iptables to DNAT so if DNAT needs to be done, any advice that includes tested and working examples would be sincerely appreciated. There are 3 computers

Hello ! I am using shorewall , it is okey. Just i like to forbid edonkey as i did for kazaa using ftwall. Thanks. Wahid.

Hi- I''m working in the IT department of a small liberal arts university-- we''re getting *massacred* by P2P traffic. Informal testing/probing indicates that about 60% of our traffic from the dorms was P2P-- we''ve taken the initial step of hardlimiting the dorms to no more than 40% of outgoing university bandwidth. Also, we''ve blocked the

Will someone please write a program that can be used to assist with u32 matches? What I envision is something like ipchains'' "--check" option, which tests a packet against the selected chain. tcfilter should check against the loaded filters. It would be REALLY nice if: 1) counters (showing the number of hits (in packets)) could be included. 2) a debug mode showing what the

This is a repost of a posting on 2/18/05 that did not survive the crash. Attached is a hacked patch that, when applied to iproute2-2.6.9 and newer (.10 is latest as of this writing) allows the use of esfq. Note that the original kernel patch must still be applied, so this probably does not apply to 2.6 kernels; it is meant for 2.4.18 and newer (.29 is latest as of this writing). Beware the

I have tested Devik''s tc (103592 bytes) and 2.6.8 which I compiled. Both return "RTNETLINK answers: Invalid argument". Stephen Hemminger should be sent a patch that fixes this. An example that returns the above error message is: tc filter add dev eth1 parent 1: protocol arp prio 5 u32 \ match u16 0x0806 0xffff at -2 flowid 1:50 I''m using this because it works: