Pessoal preciso de uma lista de regras de iptables ou portas
atualizadas para bloqueio de p2p ( kazaa. emule, ...), bittorrent, e
programas semelhantes que os usuários usam para fazer dowload de
filems, jogos, mp3.
Se alguém pode ajudar ae agradeço !!!
Robson.
-
27-09-2004, 13:18 #1moon_knightVisitante
bloqUEio de p2p com iptables
-
27-09-2004, 14:12 #2
- Ingresso
- Aug 2004
- Posts
- 616
bloqUEio de p2p com iptables
eae cara,
Ja tive bastante trabalho para bloquear os p2p. O negocio é o seguinte, o programas lite (k-lite, etc) estao conseguindo burlar as regras "basica" do iptables entao a solucao é instalar o ipp2p... isso realmente fuinciona...
O ipp2p nao bloqueia extamente as conexoes p2p, mas ele limita a velocidade (para conexoes p2p) em 1kbps, esta forma os downloads nunca comecam. Se vc utilizar o ipp2p vc vai ter a impressao q nao esta bloquenado, mas esta, pois vc consegue fazer o search e marcar downloads, mas ele nunca comecam.... vc pode pergar o ipp2p no end:
http://rnvs.informatik.uni-leipzig.d...pp2p.06.tar.gz
ai a regra no iptables para bloquear fica assim:
iptables -A FORWARD -p tcp -m ipp2p --ipp2p -j DROP
iptables -A FORWARD -p tcp -m ipp2p --ipp2p-data -j DROP
So mais uma coisa... talves vc tenha que intalar o POM, ou melhor atualizar o seu iptables para versoes superiores a 1.2.9.
[] Dotta :twisted:
-
27-09-2004, 14:33 #3epfVisitante bloqUEio de p2p com iptables
eu tentei compilar o ipp2p, olha o err oque da:
[root@servnet ipp2p]# make
gcc -O2 -Wall -DNETFILTER_VERSION=\"1.2.7a\" -I/usr/src/iptables-1.2.9/include -fPIC -c libipt_ipp2p.c
libipt_ipp2p.c:9:22: iptables.h: No such file or directory
libipt_ipp2p.c:64: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:64: warning: its scope is only this definition or declaration, which is probably not what you want
libipt_ipp2p.c: In function `init':
libipt_ipp2p.c:66: `NFC_UNKNOWN' undeclared (first use in this function)
libipt_ipp2p.c:66: (Each undeclared identifier is reported only once
libipt_ipp2p.c:66: for each function it appears in.)
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:74: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:74: warning: `struct ipt_entry' declared inside parameter list
libipt_ipp2p.c: In function `parse':
libipt_ipp2p.c:76: dereferencing pointer to incomplete type
libipt_ipp2p.c:82: warning: implicit declaration of function `exit_error'
libipt_ipp2p.c:82: `PARAMETER_PROBLEM' undeclared (first use in this function)
libipt_ipp2p.c: In function `final_check':
libipt_ipp2p.c:364: `PARAMETER_PROBLEM' undeclared (first use in this function)
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:373: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:373: warning: `struct ipt_ip' declared inside parameter list
libipt_ipp2p.c: In function `print':
libipt_ipp2p.c:375: dereferencing pointer to incomplete type
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:397: warning: `struct ipt_entry_match' declared inside parameter list
libipt_ipp2p.c:397: warning: `struct ipt_ip' declared inside parameter list
libipt_ipp2p.c: In function `save':
libipt_ipp2p.c:399: dereferencing pointer to incomplete type
libipt_ipp2p.c: At top level:
libipt_ipp2p.c:421: variable `ipp2p' has initializer but incomplete type
libipt_ipp2p.c:421: warning: excess elements in struct initializer
libipt_ipp2p.c:421: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:422: warning: excess elements in struct initializer
libipt_ipp2p.c:422: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:423: warning: excess elements in struct initializer
libipt_ipp2p.c:423: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:424: warning: implicit declaration of function `IPT_ALIGN'
libipt_ipp2p.c:424: warning: excess elements in struct initializer
libipt_ipp2p.c:424: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:425: warning: excess elements in struct initializer
libipt_ipp2p.c:425: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:426: warning: excess elements in struct initializer
libipt_ipp2p.c:426: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:427: warning: excess elements in struct initializer
libipt_ipp2p.c:427: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:428: warning: excess elements in struct initializer
libipt_ipp2p.c:428: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:429: warning: excess elements in struct initializer
libipt_ipp2p.c:429: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:430: warning: excess elements in struct initializer
libipt_ipp2p.c:430: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:431: warning: excess elements in struct initializer
libipt_ipp2p.c:431: warning: (near initialization for `ipp2p')
libipt_ipp2p.c:433: warning: excess elements in struct initializer
libipt_ipp2p.c:433: warning: (near initialization for `ipp2p')
libipt_ipp2p.c: In function `_init':
libipt_ipp2p.c:439: warning: implicit declaration of function `register_match'
/usr/include/ctype.h: At top level:
libipt_ipp2p.c:421: storage size of `ipp2p' isn't known
make: *** [libipt_ipp2p.so] Error 1
-
27-09-2004, 14:37 #4moon_knightVisitante bloqUEio de p2p com iptables
Mas ai ficaria dificil atualziar o iptables aqui, pos tenho um linux todo recompilado, com controle de MAC e banda .. vai q dá um pau nas minhas regras e no meu sistema.
Vo tentar pegar algum outro software de controle de banda, pois aqui o problema é que 2 usuários escaparam do controle de Upload.
Talvez se eu pegase outro programa e aplicasse somente a esses 2 usuários que estão em aliases da eth1, talves desse certo !!
-
27-09-2004, 14:42 #5
- Ingresso
- Aug 2004
- Posts
- 616
bloqUEio de p2p com iptables
da uma olhada nop artigo abaixa q o ipp2p nao é so make a instalacao....
https://under-linux.org/modules.php?...icle&artid=286
ai deve funcionar
[] Dotta :twisted:
Citação