kazaa rulset

kazaa rulset

[juanca]

iptables -A INPUT -s kazaa.com -p tcp -j DROP
iptables -A INPUT -d kazaa.com -p tcp -j DROP
iptables -A INPUT -s kazaa.com -p udp -j DROP
iptables -A INPUT -d kazaa.com -p udp -j DROP
iptables -A FORWARD -s 0/0 -p tcp --dport 1214 -j REJECT
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A OUTPUT -p tcp --dport 1214 -j DROP
iptables -A OUTPUT -p udp --dport 1214 -j DROP
iptables -A INPUT -p tcp --sport 1214 -j DROP
iptables -A INPUT -p udp --sport 1214 -j DROP
iptables -A FORWARD -p tcp --dport 1214 -j DROP
iptables -A FORWARD -p udp --dport 1214 -j DROP
iptables -A OUTPUT -p tcp --dport 8000:8999 -j DROP
iptables -A OUTPUT -p udp --dport 8000:8999 -j DROP
iptables -A OUTPUT -p tcp -d 66.80.62.34 -j DROP
iptables -A OUTPUT -p tcp -d 205.188.245.120 -j DROP
iptables -A OUTPUT -p tcp -d 64.12.168.244 -j DROP
iptables -A OUTPUT -p tcp -d 66.218.70.39 -j DROP
iptables -A OUTPUT -p tcp -d 64.245.54.0/24 -j DROP
iptables -A FORWARD -d a64-124-29-52.deploy.akamaitechnologies.com -j 
REJECT
iptables -A FORWARD -d 64.124.29.52 -j REJECT
iptables -A FORWARD -d 64.230.160.147 -j REJECT
iptables -A FORWARD -d 68.83.112.75 -j REJECT
iptables -A FORWARD -d 68.60.210.234 -j REJECT
iptables -A FORWARD -d 207.112.54.21 -j REJECT
iptables -A FORWARD -d 64.230.160.147 -j REJECT
iptables -A FORWARD -d 61.218.91.171 -j REJECT
iptables -A FORWARD -d 61.218.91.171 -j REJECT
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
iptables -A FORWARD -p tcp --dport 4660:4666 -j DROP
iptables -A FORWARD -p udp --dport 4660:4666 -j DROP
iptables -I FORWARD -i eth0 -p tcp -m string --string "KazaaClient" -j 
REJECT --reject-with tcp-reset
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT 
--reject-with tcp-reset
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -d a342.g.akamai.net -p tcp tcp -j DROP
iptables -A FORWARD -d a342.g.akamai.net -p tcp udp -j DROP
iptables -A FORWARD -d 63.208.194.47 -j REJECT
iptables -A FORWARD -d 63.208.194.6 -j REJECT
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "Kazaa" -j REJECT --reject-with 
tcp-reset
iptables -t mangle -A PREROUTING -p tcp -m --string "Kazaa" -j DROP
iptables -A FORWARD -m state --state NEW,INVALID -j REJECT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -m string --string 
"Kazaa" -j DROP

this is my rulset but get this message when run the script what`s wrong?
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `udp'
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables v1.2.6a: Couldn't load match 
`--string':/lib/iptables/libipt_--string.so: cannot open shared object 
file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name

Re: kazaa rulset

[Shawn]

Having some trouble?

On Mon, 2003-07-28 at 16:42, juanca wrote:
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -p tcp -m state --state NEW -m string --string 
> "Kazaa" -j DROP
> 
> this is my rulset but get this message when run the script what`s wrong?
> iptables: No chain/target/match by that name
> iptables: No chain/target/match by that name
> Bad argument `tcp'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `udp'
> Try `iptables -h' or 'iptables --help' for more information.
> iptables: No chain/target/match by that name
> iptables: No chain/target/match by that name
> iptables: No chain/target/match by that name
> iptables: No chain/target/match by that name
> iptables: No chain/target/match by that name
> iptables v1.2.6a: Couldn't load match 
> `--string':/lib/iptables/libipt_--string.so: cannot open shared object 
> file: No such file or directory
> 
> Try `iptables -h' or 'iptables --help' for more information.
> iptables: No chain/target/match by that name

RE: kazaa rulset

[George Vieira]

-m string --string

you have to specify which module to use "-m string" and then it's parameter "--string findthis"

Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au

Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: juanca [mailto:juanca@sat.com.py]
Sent: Tuesday, July 29, 2003 7:42 AM
To: netfilter@lists.netfilter.org
Subject: kazaa rulset 



iptables -A INPUT -s kazaa.com -p tcp -j DROP
iptables -A INPUT -d kazaa.com -p tcp -j DROP
iptables -A INPUT -s kazaa.com -p udp -j DROP
iptables -A INPUT -d kazaa.com -p udp -j DROP
iptables -A FORWARD -s 0/0 -p tcp --dport 1214 -j REJECT
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A OUTPUT -p tcp --dport 1214 -j DROP
iptables -A OUTPUT -p udp --dport 1214 -j DROP
iptables -A INPUT -p tcp --sport 1214 -j DROP
iptables -A INPUT -p udp --sport 1214 -j DROP
iptables -A FORWARD -p tcp --dport 1214 -j DROP
iptables -A FORWARD -p udp --dport 1214 -j DROP
iptables -A OUTPUT -p tcp --dport 8000:8999 -j DROP
iptables -A OUTPUT -p udp --dport 8000:8999 -j DROP
iptables -A OUTPUT -p tcp -d 66.80.62.34 -j DROP
iptables -A OUTPUT -p tcp -d 205.188.245.120 -j DROP
iptables -A OUTPUT -p tcp -d 64.12.168.244 -j DROP
iptables -A OUTPUT -p tcp -d 66.218.70.39 -j DROP
iptables -A OUTPUT -p tcp -d 64.245.54.0/24 -j DROP
iptables -A FORWARD -d a64-124-29-52.deploy.akamaitechnologies.com -j 
REJECT
iptables -A FORWARD -d 64.124.29.52 -j REJECT
iptables -A FORWARD -d 64.230.160.147 -j REJECT
iptables -A FORWARD -d 68.83.112.75 -j REJECT
iptables -A FORWARD -d 68.60.210.234 -j REJECT
iptables -A FORWARD -d 207.112.54.21 -j REJECT
iptables -A FORWARD -d 64.230.160.147 -j REJECT
iptables -A FORWARD -d 61.218.91.171 -j REJECT
iptables -A FORWARD -d 61.218.91.171 -j REJECT
iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP
iptables -A FORWARD -p udp --dport 6346:6347 -j DROP
iptables -A FORWARD -p tcp --dport 4660:4666 -j DROP
iptables -A FORWARD -p udp --dport 4660:4666 -j DROP
iptables -I FORWARD -i eth0 -p tcp -m string --string "KazaaClient" -j 
REJECT --reject-with tcp-reset
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT 
--reject-with tcp-reset
iptables -I FORWARD -p tcp -m string --string "KazaaClient" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -d a342.g.akamai.net -p tcp tcp -j DROP
iptables -A FORWARD -d a342.g.akamai.net -p tcp udp -j DROP
iptables -A FORWARD -d 63.208.194.47 -j REJECT
iptables -A FORWARD -d 63.208.194.6 -j REJECT
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j REJECT 
--reject-with tcp-reset
iptables -A FORWARD -m string --string "Kazaa" -j REJECT --reject-with 
tcp-reset
iptables -t mangle -A PREROUTING -p tcp -m --string "Kazaa" -j DROP
iptables -A FORWARD -m state --state NEW,INVALID -j REJECT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -m string --string 
"Kazaa" -j DROP

this is my rulset but get this message when run the script what`s wrong?
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `udp'
Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables v1.2.6a: Couldn't load match 
`--string':/lib/iptables/libipt_--string.so: cannot open shared object 
file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name

Re: kazaa rulset

[Bill Chappell]

[-- Attachment #1: Type: text/plain, Size: 920 bytes --]

replying to juanca:


I expect that these rules resulted in the error messages I moved up
below them.


>
> iptables -A FORWARD -d a342.g.akamai.net -p tcp tcp -j DROP
> iptables -A FORWARD -d a342.g.akamai.net -p tcp udp -j DROP
> Bad argument `tcp'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `udp'
> Try `iptables -h' or 'iptables --help' for more information.

For the other error messages, I would try commenting out
all the rules (except one for the first try) and run the script that
loads them un-commenting one at a time.

For an exercise like that, script flushall is helpful between
runs:
iptables -t filter -F
iptables -t mangle -F
iptables -t nat -F


--
William Chappell,     Software Engineer,     Critical Technologies, Inc.
Suite 400 Technology Center, 4th Floor 1001 Broad Street, Utica, NY 13501
315-793-0248  x148  < bill.chappell@critical.com >  www.critical.com



[-- Attachment #2: Type: text/html, Size: 1196 bytes --]

Re: kazaa rulset

[Bill Chappell]

[-- Attachment #1: Type: text/plain, Size: 967 bytes --]

> replying to juanca:
>
>
> I expect that these rules resulted in the error messages I moved up
> below them.
>
>
>>
>> iptables -A FORWARD -d a342.g.akamai.net -p tcp tcp -j DROP
>> iptables -A FORWARD -d a342.g.akamai.net -p tcp udp -j DROP
>> Bad argument `tcp'
>> Try `iptables -h' or 'iptables --help' for more information.
>> Bad argument `udp'
>> Try `iptables -h' or 'iptables --help' for more information.
>
>
> For the other error messages, I would try commenting out
> all the rules (except one for the first try) and run the script that
> loads them un-commenting one at a time.
>
> For an exercise like that, script flushall is helpful between
> runs:
> iptables -t filter -F
> iptables -t mangle -F
> iptables -t nat -F
>
>
> --
> William Chappell,     Software Engineer,     Critical Technologies, Inc.
> Suite 400 Technology Center, 4th Floor 1001 Broad Street, Utica, NY 13501
> 315-793-0248  x148  < bill.chappell@critical.com >  www.critical.com
>

[-- Attachment #2: Type: text/html, Size: 1227 bytes --]