From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dmitry Korzhevin Subject: Question about xt_ipp2p module Date: Tue, 26 Mar 2013 21:55:35 +0200 Message-ID: <5151FD37.6040700@stidia.com> Reply-To: dmitry.korzhevin@stidia.com Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms010108090001080401000202" To: netfilter-devel@vger.kernel.org Return-path: Received: from tanzanite.stidia.com ([176.28.52.97]:59098 "EHLO tanzanite.stidia.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751131Ab3CZU1W (ORCPT ); Tue, 26 Mar 2013 16:27:22 -0400 Received: from [94.232.209.182] (helo=[192.168.1.149]) by tanzanite.stidia.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from ) id 1UKZw6-0006ao-Ef for netfilter-devel@vger.kernel.org; Tue, 26 Mar 2013 20:53:35 +0100 Sender: netfilter-devel-owner@vger.kernel.org List-ID: Это сообщение в формате MIME подписано с использованием криптографии. --------------ms010108090001080401000202 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi, I'm using Debian 6.0.7 x86_64. I have installed xtables with xt_ipp2p=20 and seems i did something wrong, because my rules doesn't drop=20 bittorrent traffic. Please help Installation: apt-get install module-assistant xtables-addons-source module-assistant prepare module-assistant auto-install xtables-addons-source depmod -a modprobe xt_ipp2p lsmod | grep p2p xt_ipp2p 6297 3 compat_xtables 3111 1 xt_ipp2p I have added rules to all iptables chains: iptables -I FORWARD 1 -m ipp2p --bit -j DROP iptables -I INPUT 1 -m ipp2p --bit -j DROP iptables -I OUTPUT 1 -m ipp2p --bit -j DROP Here is my iptables rules: # Generated by iptables-save v1.4.8 on Tue Mar 26 20:45:56 2013 *nat :PREROUTING ACCEPT [654835:50597876] :POSTROUTING ACCEPT [436798:25728576] :OUTPUT ACCEPT [436371:25593024] -A POSTROUTING -s 10.3.0.0/16 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.2.0.0/16 -o eth0 -j MASQUERADE -A POSTROUTING -s 10.1.0.0/16 -o eth0 -j MASQUERADE COMMIT # Completed on Tue Mar 26 20:45:56 2013 # Generated by iptables-save v1.4.8 on Tue Mar 26 20:45:56 2013 *filter :INPUT ACCEPT [1986:141808] :FORWARD ACCEPT [89:11517] :OUTPUT ACCEPT [1796:190899] :sshguard - [0:0] -A INPUT -m ipp2p --bit -j DROP -A INPUT -j sshguard -A FORWARD -m ipp2p --bit -j DROP -A OUTPUT -m ipp2p --bit -j DROP COMMIT # Completed on Tue Mar 26 20:45:56 2013 This server rules, after my VPN (ipsec) connection and start downloading = torrent: iptables -nL -v --line-numbers Chain INPUT (policy ACCEPT 70 packets, 8404 bytes) num pkts bytes target prot opt in out source destination 1 26 2466 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 = ipp2p --bit 2 17M 4140M sshguard all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 33 2970 ACCEPT all -- eth0 * 10.2.0.2 0.0.0.0/0=20 policy match dir in pol ipsec reqid 116 proto 50 2 26 10983 ACCEPT all -- * eth0 0.0.0.0/0 10.2.0.2=20 policy match dir out pol ipsec reqid 116 proto 50 3 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 = ipp2p --bit Chain OUTPUT (policy ACCEPT 51 packets, 18004 bytes) num pkts bytes target prot opt in out source destination 1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 = ipp2p --bit Chain sshguard (1 references) num pkts bytes target prot opt in out source destination Seems ipsec rules has higer priority than my rule in chain FORWARD. Best Regards, Dmitry --- Dmitry KORZHEVIN System Administrator STIDIA S.A. - Luxembourg e: dmitry.korzhevin@stidia.com m: +38 093 874 5453 w: http://www.stidia.com --------------ms010108090001080401000202 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: Криптографическая подпись S/MIME MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIMUTCC BVswggRDoAMCAQICEBAXCRnWYwXN5VOJvb2Bt6UwDQYJKoZIhvcNAQEFBQAwgd0xCzAJBgNV BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlz aWduLmNvbS9ycGEgKGMpMDkxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDE3MDUG A1UEAxMuVmVyaVNpZ24gQ2xhc3MgMSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0EgLSBHMzAe Fw0xMjA1MTQwMDAwMDBaFw0xMzA1MTQyMzU5NTlaMIIBHjEXMBUGA1UEChMOVmVyaVNpZ24s IEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52 ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMp OTgxHjAcBgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDEzMDEGA1UECxMqRGlnaXRhbCBJ RCBDbGFzcyAxIC0gTmV0c2NhcGUgRnVsbCBTZXJ2aWNlMRkwFwYDVQQDFBBEbWl0cnkgS29y emhldmluMSowKAYJKoZIhvcNAQkBFhtkbWl0cnkua29yemhldmluQHN0aWRpYS5jb20wggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTyiREAH91IYO/CLjsMyO7Qj5j9m8HBK5o IFrNIq4o1srhg+jaXttbNjCLybJ8hELw+sylchCCQ8doDpSdz22LmGCdGSVis7uqzOnzA6dl d6oDcty+FbdouGdk5wmJv+pKAFzImnDN4r9rmk7vbBmIzrsAUH1TSBV7d+nK2bzi3eYAivj5 /MVjW9/HHclszNRCOHdL65mlIVs3WIgUlRYCpG6dbjXhLz+GsE0Cjpw+hCCr/OU69VS/y+q3 agKYywKzM65ojTHaYQKBRHxiet6bboll0zKivqHdAlIpEB9uuMg9zNGlNHOH/FPr2v57HoBR mi7PqH5fC0U4Ya3ReajtAgMBAAGjgdIwgc8wCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkGC2CG SAGG+EUBBxcBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEw CwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMEBggrBgEFBQcDAjBQBgNVHR8ESTBH MEWgQ6BBhj9odHRwOi8vaW5kYzFkaWdpdGFsaWQtZzMtY3JsLnZlcmlzaWduLmNvbS9JbmRD MURpZ2l0YWxJRC1HMy5jcmwwDQYJKoZIhvcNAQEFBQADggEBAL2kjOqungsDNuIhVcNb0XQ/ AdLoJcg/wmu+jTUtW1wPHGJv13vLRSxr8LYIrSYfwq+IsFdaLdXl4G8yyKkXQT/G2G1LDJJv 1q1Ps3fHU+4LKxKGACVZ/P6qkpdvP/idiUtZz4jTCBwIIzn2NFbCwo02Scmm1wshLNNo3rDE qrF3qCoCXNhmVUFWI2UGIfK1fFkTMNp56Om+qYvjh8RbatMzK5QE4pccjqTPQlnFsDIjqgmA eHhIDuuWrAVWRZDFfIKI+54PYgGxeuoFzmxAevxt1I6qG3yX59g+bZZpxDuLSoIHjF/gnQTh 5kC5ottjNfI1qbLgk8n8ttbZjZ1qhPowggbuMIIF1qADAgECAhBxFWYFSuSRIU3pvET5rNPc MA0GCSqGSIb3DQEBBQUAMIHKMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIElu Yy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5 IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZl cmlTaWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg LSBHMzAeFw0wOTA1MDEwMDAwMDBaFw0xOTA0MzAyMzU5NTlaMIHdMQswCQYDVQQGEwJVUzEX MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv cmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20v cnBhIChjKTA5MR4wHAYDVQQLExVQZXJzb25hIE5vdCBWYWxpZGF0ZWQxNzA1BgNVBAMTLlZl cmlTaWduIENsYXNzIDEgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENBIC0gRzMwggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtxEffKigdfAZru9chMslsE4/psY1BTjT32gvjavpl iCALERPpm+BJTotv1QHQXw1HkYpaTHQ+P8aRCbtMNJ6NbqGCUWL3aXZYlgevnhQYB09avZ/S MbJUGXNGahlCEewScyGN9dwwzeXZVgoxxTZtKRSXvS3aiUcZiNhLBD3rtjxnHnQAEw3QhtqT Z/gzA64aPGtpePbALI7hgz93+Zn//p9SWsK0hwrYbKlHwVQpZUM+SsCWH8Gt93evbLEEXr7B tpQtl5AtJ9K7HumDaoT2xLKuIwZlJqUnWCsHIrRvpmJIGnfy1VAnminTlvso9bokdmLjjFnr +27VQsS+Qcf1AgMBAAGjggK5MIICtTA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0 dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMHAGA1UdIARpMGcw ZQYLYIZIAYb4RQEHFwEwVjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t L2NwczAqBggrBgEFBQcCAjAeGhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMDQGA1Ud HwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTEtZzMuY3JsMA4GA1Ud DwEB/wQEAwIBBjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAfMAcG BSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52ZXJpc2lnbi5j b20vdnNsb2dvMS5naWYwLgYDVR0RBCcwJaQjMCExHzAdBgNVBAMTFlByaXZhdGVMYWJlbDQt MjA0OC0xMTgwHQYDVR0OBBYEFHlHYQhB/TgEokvntcz1Q/ZJKxH4MIHxBgNVHSMEgekwgeah gdCkgc0wgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UE CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xh c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczghEAi1t1 VoRUhQsAz684SM6xpDANBgkqhkiG9w0BAQUFAAOCAQEAOU3PQZmBtakFtVI46TmEiWzkNKha 59hsCUwkGrpZpIc7cyHxk4HPv2hjWmf+NYUrocNdo0rCOhndMNbMTe/x0oGXylRaQ783i3qO GY0PQ6iM8q9gsxWKs5WcPOCesyeYpDVyF+X8Kl2H04oNwtFFKvjA9KwqkzrVrhJwCOv7O+J3 7OgrZDV2zbra4NHLFNZxWJu+1T59ttnoJMUkZkxdkR92sxc+fw3GIYkvsze4of9csm1J3mVS QvsOiNLtSh2/S+P4zHL6SA5ljknI1viZmDu3lD4xcQaH+mxZUy7X3yvtX2MArBXtA7hVFozG aAPnIqhzC7G8oNpSWN0KDn/BgjGCBPkwggT1AgEBMIHyMIHdMQswCQYDVQQGEwJVUzEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBh IChjKTA5MR4wHAYDVQQLExVQZXJzb25hIE5vdCBWYWxpZGF0ZWQxNzA1BgNVBAMTLlZlcmlT aWduIENsYXNzIDEgSW5kaXZpZHVhbCBTdWJzY3JpYmVyIENBIC0gRzMCEBAXCRnWYwXN5VOJ vb2Bt6UwCQYFKw4DAhoFAKCCAtswGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG 9w0BCQUxDxcNMTMwMzI2MTk1NTM1WjAjBgkqhkiG9w0BCQQxFgQUawTK+FSGXpkvbE3mNA54 2TC4ByswbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqG SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG 9w0DAgIBKDCCAQMGCSsGAQQBgjcQBDGB9TCB8jCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoT DlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYD VQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykw OTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBD bGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEczAhAQFwkZ1mMFzeVTib29gbel MIIBBQYLKoZIhvcNAQkQAgsxgfWggfIwgd0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJp U2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE7MDkGA1UECxMy VGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDkxHjAc BgNVBAsTFVBlcnNvbmEgTm90IFZhbGlkYXRlZDE3MDUGA1UEAxMuVmVyaVNpZ24gQ2xhc3Mg MSBJbmRpdmlkdWFsIFN1YnNjcmliZXIgQ0EgLSBHMwIQEBcJGdZjBc3lU4m9vYG3pTANBgkq hkiG9w0BAQEFAASCAQAMmpZyyA9rrS7OWn+H//AMz8oqFeS++Muz2T90iJRq5mW7aHy62ype uZYDGZrtFSPInM3li48iD7R1emtmjb4dvSBXju1tm8Qa5dwPBxWqjM+Z5DCr4WZ8qR/iI0Ao KtfEVZUm5kHZtcAtUu+1FTuMl7UbQ1+OWVQ/51Oexn4sX4+dpcYU91QcVRgwbBQ/cxjVWNgp f1S2bs3DzGi5gJQrl6fqKCuYPm11ufnXblKOEZCh/EMmldyPXEfRNbcjeJ9PAAuauMi2k4vo 50nP2yDq3KB46GIDGtLlpmX8m+2z5jgd5G06j87Q2rqSsYrSeyBs4g6HWYTPG9umvK3JHz/k AAAAAAAA --------------ms010108090001080401000202--