Koozali.org: home of the SME Server

If you want to block p2p without using ipp2p module try this

hatsa
« on: January 06, 2009, 10:22:37 AM »
Hi all, you can use this iptables script to block p2p.
This script allows only HTTP, shell access, FTP, Yahoo and MSN.

# Enable IPv4 forwarding so the box routes between eth0 (LAN) and eth1 (public)
echo 1 > /proc/sys/net/ipv4/ip_forward

# Default policies: drop everything inbound and forwarded, allow all outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Flush any existing rules in the filter chains and the nat table
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t nat

# eth0 is the local (LAN) interface
# eth1 is the public interface

# INPUT rules
# Replies to connections opened from the LAN side
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE: this rule accepts every packet arriving on the public interface,
# so the per-port rules below place no restriction on eth1
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
# Loopback
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
# Services accepted on any interface (-s 0/0 -d 0/0 is the default: any host):
# 80/443 HTTP(S), 22 SSH, 53 DNS, 1863 MSN, 5050 Yahoo, 21 FTP
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 443 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 22 -j ACCEPT
iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1863 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 5050 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 21 -j ACCEPT

# FORWARD rules
# Return traffic from the public side for connections opened by the LAN
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN to public: only these destination ports may leave, everything else
# (including p2p) hits the DROP policy
iptables -A FORWARD -i eth0 -p tcp --destination-port 80 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --destination-port 443 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -p udp --destination-port 53 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --destination-port 1863 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --destination-port 5050 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --destination-port 22 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --destination-port 21 -o eth1 -j ACCEPT

# nat table: masquerade LAN traffic leaving on the public interface
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
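Before loading a whitelist ruleset like the one above, it helps to audit it statically: which ports does each chain admit per interface, and does any ACCEPT rule match everything on an interface, silently bypassing the port list? The following script is an added example, not part of hatsa's post, Stefano's reply or SME Server itself. It parses plain `iptables ...` command lines (the syntax used in the post, with only the options the post uses plus `--dport`/`-I` modelled), and the sample ruleset is a constructed subset of the posted lines. The `audit`, `parse_line` and `is_unconditional` names are the example's own.

```python
"""Static audit of an iptables rule script: which ports each chain/interface
admits, and whether any ACCEPT rule is unconditional (hypothetical helper,
not part of SME Server)."""
import shlex

# Constructed sample: a subset of the rules from the post above, verbatim.
SAMPLE_SCRIPT = """
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#eth0 is local ip, eth1 is public ip
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 80 -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 22 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --destination-port 80 -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
"""

# Address arguments that match everything (iptables' default when -s/-d is omitted).
WILDCARDS = {None, "0/0", "0.0.0.0/0"}


def parse_line(line):
    """Parse one 'iptables ...' command into a dict; None for blank, comment or other lines."""
    toks = shlex.split(line, comments=True)
    if not toks or toks[0] != "iptables":
        return None
    rule = {"table": "filter", "chain": None, "policy": None, "target": None,
            "in_if": None, "out_if": None, "proto": None, "dport": None,
            "src": None, "dst": None, "states": (), "other": [], "raw": line.strip()}
    i = 1
    while i < len(toks):
        flag = toks[i]
        arg = toks[i + 1] if i + 1 < len(toks) else None
        step = 2
        if flag == "-t":
            rule["table"] = arg
        elif flag == "-P":                      # -P <chain> <policy>
            rule["chain"], rule["policy"] = arg, toks[i + 2]
            step = 3
        elif flag in ("-A", "-I"):
            rule["chain"] = arg
        elif flag == "-i":
            rule["in_if"] = arg
        elif flag == "-o":
            rule["out_if"] = arg
        elif flag == "-p":
            rule["proto"] = arg
        elif flag == "-s":
            rule["src"] = arg
        elif flag == "-d":
            rule["dst"] = arg
        elif flag in ("--dport", "--destination-port"):
            rule["dport"] = arg
        elif flag == "--state":
            rule["states"] = tuple(arg.split(","))
        elif flag == "-j":
            rule["target"] = arg
        elif flag == "-m":
            pass                                # module options (e.g. --state) are matched by name
        else:
            # Anything not modelled (-F, --syn, ...) is recorded so the rule is
            # never mistaken for an unconditional one.
            rule["other"].append(flag)
            if arg is None or arg.startswith("-"):
                step = 1
        i += step
    return rule


def is_unconditional(rule):
    """True when the rule matches every packet on its interface(s)."""
    return (rule["proto"] is None and rule["dport"] is None and not rule["states"]
            and not rule["other"] and rule["src"] in WILDCARDS and rule["dst"] in WILDCARDS)


def audit(script_text):
    """Return chain policies, the ports each (chain, in-interface) admits, and findings."""
    policies, allowed, findings = {}, {}, []
    for line in script_text.splitlines():
        rule = parse_line(line)
        if rule is None or rule["table"] != "filter":
            continue
        if rule["policy"]:
            policies[rule["chain"]] = rule["policy"]
            continue
        if rule["target"] != "ACCEPT":
            continue
        key = (rule["chain"], rule["in_if"] or "any")
        if is_unconditional(rule):
            allowed.setdefault(key, set()).add("*")
            if rule["in_if"] != "lo":           # accept-all on loopback is expected
                findings.append(f"{rule['chain']}: unconditional ACCEPT on "
                                f"{rule['in_if'] or 'every interface'}: {rule['raw']}")
        elif rule["dport"]:
            allowed.setdefault(key, set()).add(f"{rule['proto']}/{rule['dport']}")
            if rule["chain"] == "INPUT" and rule["in_if"] is None:
                findings.append(f"INPUT: {rule['proto']}/{rule['dport']} accepted on every "
                                f"interface (no -i): {rule['raw']}")
    return {"policies": policies, "allowed": allowed, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_SCRIPT)
    print("policies:", report["policies"])
    for key, ports in sorted(report["allowed"].items()):
        print(f"{key[0]:8s} in={key[1]:5s} allows {', '.join(sorted(ports))}")
    for finding in report["findings"]:
        print("FINDING:", finding)
```

Run against the sample, the audit reports the `-i eth1` rule as an unconditional ACCEPT on the public interface and notes that the port rules on INPUT carry no `-i`, so they apply on every interface. The FORWARD chain is the part that actually does the p2p blocking here: only the listed destination ports may leave eth0 for eth1 and everything else falls to the DROP policy.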

Stefano
Re: If you want to block p2p without using ipp2p module try this
« Reply #1 on: January 06, 2009, 10:32:49 AM »
hatsa: DON'T modify iptables chains.

You should read the documentation (in particular the developer manual) to understand how iptables/firewall rules are handled in SME.

IMHO you are trying to use SME for something it is not designed for. You should put a real firewall/proxy in front of your LAN (see IPCop, m0n0wall, Smoothwall, pfSense, Endian... whatever you prefer) and let SME do other things than firewalling.

@all: don't use hatsa's suggestion as it would break your SME

Ciao
Stefano