Versão Imprimível
Pessoal preciso de uma lista de regras de iptables ou portas
atualizadas para bloqueio de p2p ( kazaa. emule, ...), bittorrent, e
programas semelhantes que os usuários usam para fazer dowload de
filems, jogos, mp3.
Se alguém pode ajudar ae agradeço !!!
Robson.
eae cara,
Ja tive bastante trabalho para bloquear os p2p. O negocio é o seguinte, o programas lite (k-lite, etc) estao conseguindo burlar as regras "basica" do iptables entao a solucao é instalar o ipp2p... isso realmente fuinciona...
O ipp2p nao bloqueia extamente as conexoes p2p, mas ele limita a velocidade (para conexoes p2p) em 1kbps, esta forma os downloads nunca comecam. Se vc utilizar o ipp2p vc vai ter a impressao q nao esta bloquenado, mas esta, pois vc consegue fazer o search e marcar downloads, mas ele nunca comecam.... vc pode pergar o ipp2p no end:
http://rnvs.informatik.uni-leipzig.d...pp2p.06.tar.gz
ai a regra no iptables para bloquear fica assim:
iptables -A FORWARD -p tcp -m ipp2p --ipp2p -j DROP
iptables -A FORWARD -p tcp -m ipp2p --ipp2p-data -j DROP
So mais uma coisa... talves vc tenha que intalar o POM, ou melhor atualizar o seu iptables para versoes superiores a 1.2.9.
[] Dotta :twisted:
eu tentei compilar o ipp2p, olha o err oque da:
[root@servnet ipp2p]# make
gcc -O2 -Wall -DNETFILTER_VERSION=\"1.2.7a\" -I/usr/src/iptables-1.2.9/include -fPIC -c libipt_ipp2p.c
libipt_ipp2p.c:9:22: iptables.h: No such file or directory
libipt_ipp2p.c:64: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:64: warning: its scope is only this definition or declaration, which is probably not what you want
libipt_ipp2p.c: In function `init':
libipt_ipp2p.c:66: `NFC_UNKNOWN' undeclared (first use in this function)
libipt_ipp2p.c:66: (Each undeclared identifier is reported only once
libipt_ipp2p.c:66: for each function it appears in.)
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:74: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:74: warning: `struct ipt_entry' declared inside parameter list
libipt_ipp2p.c: In function `parse':
libipt_ipp2p.c:76: dereferencing pointer to incomplete type
libipt_ipp2p.c:82: warning: implicit declaration of function `exit_error'
libipt_ipp2p.c:82: `PARAMETER_PROBLEM' undeclared (first use in this function)
libipt_ipp2p.c: In function `final_check':
libipt_ipp2p.c:364: `PARAMETER_PROBLEM' undeclared (first use in this function)
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:373: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:373: warning: `struct ipt_ip' declared inside parameter list
libipt_ipp2p.c: In function `print':
libipt_ipp2p.c:375: dereferencing pointer to incomplete type
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:397: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:397: warning: `struct ipt_ip' declared inside parameter list
libipt_ipp2p.c: In function `save':
libipt_ipp2p.c:399: dereferencing pointer to incomplete type
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:421: variable `ipp2p' has initializer but incomplete type
libipt_ipp2p.c:421: warning: excess elements in struct initializer
libipt_ipp2p.c:421: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:422: warning: excess elements in struct initializer
libipt_ipp2p.c:422: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:423: warning: excess elements in struct initializer
libipt_ipp2p.c:423: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:424: warning: implicit declaration of function `IPT_ALIGN'
libipt_ipp2p.c:424: warning: excess elements in struct initializer
libipt_ipp2p.c:424: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:425: warning: excess elements in struct initializer
libipt_ipp2p.c:425: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:426: warning: excess elements in struct initializer
libipt_ipp2p.c:426: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:427: warning: excess elements in struct initializer
libipt_ipp2p.c:427: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:428: warning: excess elements in struct initializer
libipt_ipp2p.c:428: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:429: warning: excess elements in struct initializer
libipt_ipp2p.c:429: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:430: warning: excess elements in struct initializer
libipt_ipp2p.c:430: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:431: warning: excess elements in struct initializer
libipt_ipp2p.c:431: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:433: warning: excess elements in struct initializer
libipt_ipp2p.c:433: warning: (near initialization for `ipp2p')
libipt_ipp2p.c: In function `_init':
libipt_ipp2p.c:439: warning: implicit declaration of function `register_match'
/usr/include/ctype.h: At top level:
libipt_ipp2p.c:421: storage size of `ipp2p' isn't known
make: *** [libipt_ipp2p.so] Error 1
Mas ai ficaria dificil atualziar o iptables aqui, pos tenho um linux todo recompilado, com controle de MAC e banda .. vai q dá um pau nas minhas regras e no meu sistema.
Vo tentar pegar algum outro software de controle de banda, pois aqui o problema é que 2 usuários escaparam do controle de Upload.
Talvez se eu pegase outro programa e aplicasse somente a esses 2 usuários que estão em aliases da eth1, talves desse certo !!
da uma olhada nop artigo abaixa q o ipp2p nao é so make a instalacao....
https://under-linux.org/modules.php?...icle&artid=286
ai deve funcionar
[] Dotta :twisted: