iptables_block_p2p_traffic.sh
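#!/bin/bash
# Block outbound peer-to-peer traffic generated by this host.
#
# Installation: in /etc/network/interfaces, add the following line to the
# interface configuration block:
#   pre-up /opt/iptables_block_p2p_traffic.sh
# OR use cron or an init script to make sure the script runs at system startup.
#
# Scope and limits worth knowing before relying on this as a control:
#   - Every rule is attached to OUTPUT, so only locally generated traffic is
#     filtered; traffic forwarded for other hosts never traverses these rules.
#   - Both ipp2p and the string match inspect payload bytes, so they only see
#     cleartext. Treat this as a best-effort filter and pair it with
#     monitoring rather than assuming full coverage.
#   - Short keywords such as "torrent" and "announce" match ANY outbound packet
#     that contains them (web requests, mail, DNS names), so expect false
#     positives and review the LOGDROP entries after deployment.
#   - The LOG rule has no rate limit; a noisy client can fill the kernel log.
#   - The ipp2p match is an add-on module (xtables-addons). If it is missing,
#     the ipp2p rules fail with an error on stderr and only the string rules
#     remain active.

# Append a rule only when an identical one is not already present.
# The script is meant to run from pre-up/cron, i.e. repeatedly; plain -A would
# stack a duplicate copy of every rule on each run.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
# Returns:   status of the iptables check, or of the append when it was needed
# Note: relies on "iptables -C", available since iptables 1.4.11. If an
# earlier run failed part-way, flush the rules before re-running so the
# mangle rules are recreated in the intended order.
ensure_rule() {
  local table=$1 chain=$2
  shift 2
  iptables -t "$table" -C "$chain" "$@" 2> /dev/null ||
    iptables -t "$table" -A "$chain" "$@"
}

# --- Mark and reject ED2K, BitTorrent, Direct Connect, KaZaA, Gnutella ---
# Order matters: restore the connection mark first and accept already-marked
# packets early, so only the packets of a yet-unclassified connection are run
# through the ipp2p matcher; a hit is then saved back to the connection.
ensure_rule mangle OUTPUT -j CONNMARK --restore-mark
ensure_rule mangle OUTPUT -m mark ! --mark 0 -j ACCEPT
for p2p_proto in edk bit dc kazaa gnu; do
  ensure_rule mangle OUTPUT -m ipp2p "--${p2p_proto}" -j MARK --set-mark 1
done
ensure_rule mangle OUTPUT -m mark --mark 1 -j CONNMARK --save-mark
ensure_rule filter OUTPUT -m mark --mark 1 -j REJECT

# --- Log and drop packets containing torrent tracker / DHT keywords ---
# Creating the chain fails harmlessly when it already exists, hence the
# discarded output; the flush then resets it to a known state.
iptables -N LOGDROP > /dev/null 2>&1
iptables -F LOGDROP
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
iptables -A LOGDROP -j DROP

# Boyer-Moore substring matches; case-sensitive, cleartext payload only.
p2p_keywords=(
  "BitTorrent"
  "BitTorrent protocol"
  "peer_id="
  ".torrent"
  "announce.php?passkey="
  "torrent"
  "announce"
  "info_hash"
  "get_peers"
  "announce_peer"
  "find_node"
)
for keyword in "${p2p_keywords[@]}"; do
  ensure_rule filter OUTPUT -m string --algo bm --string "$keyword" -j LOGDROP
done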