* [LARTC] block p2p: ARES
@ 2005-06-22 12:31 :: L i n u XK i D ::
  2005-06-22 15:55 ` Klaus
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: :: L i n u XK i D :: @ 2005-06-22 12:31 UTC (permalink / raw)
  To: lartc

Hi....

I'm trying to set up a LAN router with a P2P filter,
but the problem is that I can't "catch" Ares.

Is there a way to DROP "ares" p2p packets?

I've tried with the latest "ipp2p" snapshot without success...

I've
	Kernel 2.4.28
	iptables 1.3.0
	Various Patches from patch-o-matic-ng-20040621
	iproute2-ss020116
	IMQ Patch
	Esfq Patch
	Julian (route) Patch
	Debian Woody


This is my MANGLE table...


Chain PREROUTING (policy ACCEPT 8557K packets, 2822M bytes)
 pkts bytes target     prot opt in     out     source      destination
85574   24M p2ptraffic  all  --  *      *       0.0.0.0/0   0.0.0.0/0
.................

Chain p2ptraffic (1 references)
 pkts bytes target     prot opt in     out     source      destination
11860 1620K CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --ipp2p CONNMARK set 0xa
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --bit CONNMARK set 0xa
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --apple CONNMARK set 0xa
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --winmx CONNMARK set 0xa
    1    57 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --soul CONNMARK set 0xa
    0     0 DROP       all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --ares
.........
54029   13M CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   CONNMARK match 0xa CONNMARK restore


But... ARES packets are not blocked at the moment....
 0     0 DROP   ....  ipp2p v0.7.4 --ares

   :-(

Has anybody successfully blocked ARES?

regards...
Andres.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
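
Added example (not part of the original thread and not ipp2p code): the symptom reported above is a DROP rule whose packet counter stays at 0. The shell function below reads `iptables -t mangle -L -v -n` output and lists every rule that has never matched; the names `zero_hit_rules` and `sample_listing` and the embedded sample (modelled on the listing in the post, wrapped lines joined) are assumptions of this example.

```shell
#!/bin/sh
# Added example: list iptables rules whose packet counter is still 0.
# Input is `iptables -t mangle -L -v -n` output on stdin (one rule per line).
# Optional $1 restricts the report to one target, e.g. DROP.
zero_hit_rules() {
    awk -v want="$1" '
        $1 == "Chain" { chain = $2; next }   # e.g. "Chain p2ptraffic (1 references)"
        $1 == "pkts"  { next }               # column header line
        NF < 9        { next }               # blank or elided lines
        $1 != "0"     { next }               # rule has matched at least once
        want != "" && $3 != want { next }    # target filter
        {
            # Fields 1-9: pkts bytes target prot opt in out source destination;
            # everything after that is the match/target description.
            desc = ""
            for (i = 10; i <= NF; i++) desc = (desc == "" ? $i : desc " " $i)
            printf "%s\t%s\t%s\n", chain, $3, (desc == "" ? "-" : desc)
        }
    '
}

# Constructed sample, modelled on the listing in the post (wrapped lines joined).
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 8557K packets, 2822M bytes)
 pkts bytes target     prot opt in     out     source      destination
85574   24M p2ptraffic  all  --  *      *       0.0.0.0/0   0.0.0.0/0

Chain p2ptraffic (1 references)
 pkts bytes target     prot opt in     out     source      destination
11860 1620K CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --ipp2p CONNMARK set 0xa
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --bit CONNMARK set 0xa
    1    57 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --soul CONNMARK set 0xa
    0     0 DROP       all  --  *      *       0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --ares
54029   13M CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   CONNMARK match 0xa CONNMARK restore
EOF
}

# A DROP rule that has never matched is the symptom reported in the thread.
sample_listing | zero_hit_rules DROP
```

On a live router, pipe `iptables -t mangle -L -v -n` into the function after generating the traffic the rule is supposed to catch.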


* Re: [LARTC] block p2p: ARES
  2005-06-22 12:31 [LARTC] block p2p: ARES :: L i n u XK i D ::
@ 2005-06-22 15:55 ` Klaus
  2005-07-04 10:39 ` Klaus
  2005-07-08 20:41 ` :: L i n u XK i D ::
  2 siblings, 0 replies; 4+ messages in thread
From: Klaus @ 2005-06-22 15:55 UTC (permalink / raw)
  To: lartc

I did a small test with the new ares version.
It seems they have switched their protocol and it is not detected at the 
moment.

Let's see how difficult the new ares protocol is and how fast we can
integrate this into ipp2p.

Klaus


* Re: [LARTC] block p2p: ARES
  2005-06-22 12:31 [LARTC] block p2p: ARES :: L i n u XK i D ::
  2005-06-22 15:55 ` Klaus
@ 2005-07-04 10:39 ` Klaus
  2005-07-08 20:41 ` :: L i n u XK i D ::
  2 siblings, 0 replies; 4+ messages in thread
From: Klaus @ 2005-07-04 10:39 UTC (permalink / raw)
  To: lartc

Hi,

There is a new version of ipp2p, which can detect ares connections now.

Just go to www.ipp2p.org and download this version.

The parameter --ipp2p has changed; this is now ALL protocols.

Please contact me if you find bugs...

Klaus


* RE: [LARTC] block p2p: ARES
  2005-06-22 12:31 [LARTC] block p2p: ARES :: L i n u XK i D ::
  2005-06-22 15:55 ` Klaus
  2005-07-04 10:39 ` Klaus
@ 2005-07-08 20:41 ` :: L i n u XK i D ::
  2 siblings, 0 replies; 4+ messages in thread
From: :: L i n u XK i D :: @ 2005-07-08 20:41 UTC (permalink / raw)
  To: lartc


Hi !

I've tried the latest fantastic ipp2p kernel module.
My results are:

	Ares can be DROPPED only
	Emule, Kazaa and EDonkey 2000 can be limited and/or dropped.

And for this I have to use:

.....
FW="/usr/local/sbin/iptables"

# If I don't put in the next rule, Ares is not marked:
$FW -t mangle -A p2ptraffic -m ipp2p --ares -j DROP

# next p2p rules
$FW -t mangle -A p2ptraffic -p tcp -j CONNMARK --restore-mark
$FW -t mangle -A p2ptraffic -p tcp -m mark ! --mark 0 -j ACCEPT
$FW -t mangle -A p2ptraffic -p tcp -m ipp2p --ipp2p -j MARK --set-mark 10
$FW -t mangle -A p2ptraffic -p tcp -m mark --mark 10 -j CONNMARK --save-mark
$FW -t mangle -A p2ptraffic -p udp -m ipp2p --ipp2p -j MARK --set-mark 10
.....

iptables-1.3.1
kernel-2.4.28
squid-cache - 2.5-STABLE10
Debian Stable.


I hope this information can help the ipp2p module.

thank you very much.
andres.



