Your answer is in here
/sbin/iptables --new-chain ipp2p_block
# Block p2p protocols
{
    # Perl section of the template: builds one line of output per ipp2p
    # matcher, either an iptables rule appended to ipp2p_block or a comment
    # recording that the matcher is disabled.
    #
    # %ipp2p is not populated in this fragment; presumably the template
    # engine fills it from the configuration database - confirm.
    # NOTE(review): denylog is not created here; it has to exist before the
    # generated rules are loaded, otherwise iptables rejects them.
    # NOTE(review): the jump rules after this section use --append, so they
    # land at the end of INPUT and FORWARD; a packet accepted by an earlier
    # rule in those chains never reaches ipp2p_block - check the ordering.
    # NOTE(review): ipp2p matches on packet payload patterns, so encrypted
    # or obfuscated P2P sessions are likely to pass unmatched.
    foreach $service (qw(ipp2p bit apple winmx soul ares)) {
        # A missing or false setting is treated the same as 'disabled'.
        $proto = $ipp2p{$service} || 'disabled';

        if ($proto eq 'disabled') {
            $OUT .= " # ipp2p ($service) disabled\n";
            next;
        }

        # Only the exact values tcp and udp add a -p restriction; any other
        # non-disabled value yields a rule with no protocol filter at all.
        $OUT .= join '',
            " /sbin/iptables -A ipp2p_block ",
            ($proto eq 'tcp' ? "-p tcp " : ''),
            ($proto eq 'udp' ? "-p udp " : ''),
            "-m ipp2p --$service -j denylog\n";
    }
}
# Block p2p traffic at INPUT and FORWARD
/sbin/iptables --append INPUT -j ipp2p_block
/sbin/iptables --append FORWARD -j ipp2p_block
and here
/sbin/iptables --flush ipp2p_block
# Block p2p protocols
{
    # Perl section of the template: after the flush above empties
    # ipp2p_block, this rebuilds the chain with one line of output per ipp2p
    # matcher, either an iptables rule or a comment recording that the
    # matcher is disabled.
    #
    # %ipp2p is not populated in this fragment; presumably the template
    # engine fills it from the configuration database - confirm.
    # NOTE(review): between the flush and the last -A the chain holds fewer
    # rules than intended, so matching traffic can pass during that interval.
    # NOTE(review): denylog is not created here; it has to exist before the
    # generated rules are loaded, otherwise iptables rejects them.
    foreach $service (qw(ipp2p bit apple winmx soul ares)) {
        # A missing or false setting is treated the same as 'disabled'.
        $proto = $ipp2p{$service} || 'disabled';

        if ($proto eq 'disabled') {
            $OUT .= " # ipp2p ($service) disabled\n";
            next;
        }

        # Only the exact values tcp and udp add a -p restriction; any other
        # non-disabled value yields a rule with no protocol filter at all.
        $OUT .= join '',
            " /sbin/iptables -A ipp2p_block ",
            ($proto eq 'tcp' ? "-p tcp " : ''),
            ($proto eq 'udp' ? "-p udp " : ''),
            "-m ipp2p --$service -j denylog\n";
    }
}
and you probably need a
signal-event remoteaccess-update
when you're done.