From: Dmitry Korzhevin <dmitry.korzhevin@stidia.com>
To: netfilter-devel@vger.kernel.org
Subject: Question about xt_ipp2p module
Date: Tue, 26 Mar 2013 21:55:35 +0200
Message-ID: <5151FD37.6040700@stidia.com>
Hi,
I'm using Debian 6.0.7 x86_64. I have installed xtables with xt_ipp2p
and it seems I did something wrong, because my rules don't drop
bittorrent traffic. Please help.
Installation:
apt-get install module-assistant xtables-addons-source
module-assistant prepare
module-assistant auto-install xtables-addons-source
depmod -a
modprobe xt_ipp2p
lsmod | grep p2p
xt_ipp2p 6297 3
compat_xtables 3111 1 xt_ipp2p
I have added rules to all iptables chains:
iptables -I FORWARD 1 -m ipp2p --bit -j DROP
iptables -I INPUT 1 -m ipp2p --bit -j DROP
iptables -I OUTPUT 1 -m ipp2p --bit -j DROP
Here are my iptables rules:
# Generated by iptables-save v1.4.8 on Tue Mar 26 20:45:56 2013
*nat
:PREROUTING ACCEPT [654835:50597876]
:POSTROUTING ACCEPT [436798:25728576]
:OUTPUT ACCEPT [436371:25593024]
-A POSTROUTING -s 10.3.0.0/16 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.2.0.0/16 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.1.0.0/16 -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Mar 26 20:45:56 2013
# Generated by iptables-save v1.4.8 on Tue Mar 26 20:45:56 2013
*filter
:INPUT ACCEPT [1986:141808]
:FORWARD ACCEPT [89:11517]
:OUTPUT ACCEPT [1796:190899]
:sshguard - [0:0]
-A INPUT -m ipp2p --bit -j DROP
-A INPUT -j sshguard
-A FORWARD -m ipp2p --bit -j DROP
-A OUTPUT -m ipp2p --bit -j DROP
COMMIT
# Completed on Tue Mar 26 20:45:56 2013
These are the server's rules after my VPN (ipsec) connection and starting
a torrent download:
iptables -nL -v --line-numbers
Chain INPUT (policy ACCEPT 70 packets, 8404 bytes)
num  pkts bytes target    prot opt in    out   source     destination
1      26  2466 DROP      all  --  *     *     0.0.0.0/0  0.0.0.0/0    ipp2p --bit
2     17M 4140M sshguard  all  --  *     *     0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target    prot opt in    out   source     destination
1      33  2970 ACCEPT    all  --  eth0  *     10.2.0.2   0.0.0.0/0    policy match dir in pol ipsec reqid 116 proto 50
2      26 10983 ACCEPT    all  --  *     eth0  0.0.0.0/0  10.2.0.2     policy match dir out pol ipsec reqid 116 proto 50
3       0     0 DROP      all  --  *     *     0.0.0.0/0  0.0.0.0/0    ipp2p --bit

Chain OUTPUT (policy ACCEPT 51 packets, 18004 bytes)
num  pkts bytes target    prot opt in    out   source     destination
1       0     0 DROP      all  --  *     *     0.0.0.0/0  0.0.0.0/0    ipp2p --bit

Chain sshguard (1 references)
num  pkts bytes target    prot opt in    out   source     destination
It seems the ipsec rules have higher priority than my rule in chain FORWARD.
Best Regards,
Dmitry
---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg
e: dmitry.korzhevin@stidia.com
m: +38 093 874 5453
w: http://www.stidia.com