Using Linux IPTables, How to block torrents or any P2P protocols?

Port-based P2P blocking is hardly a 100% solution. What you might want to consider is called L7 filtering (Layer 7 filtering). Basically, Linux has an implementation that does regex-based matching on all packets to decide what's good and what's bad.

http://l7-filter.sourceforge.net/

This can help you block all sorts of stuff, including Skype.

http://l7-filter.sourceforge.net/protocols

Please note: regex matching to inspect and filter packets is resource intensive, making any system a lot more vulnerable to DDoS attacks; the preferred method would be to target the protocol within iptables.


The only proper technical solution is to have all traffic going through a proxy that will decrypt SSL traffic on the fly and then apply layer 7 filtering on the passing traffic.

Such products are pretty expensive as there is usually a big team of engineers behind them updating the rules needed to classify the packets.

You can help yourself somewhat with iptables modules such as the previously mentioned ipp2p or l7-filter, but they will not catch encrypted traffic.

In any case, technology is very rarely the solution for social problems, and misuse of corporate/public/whatever networks for P2P is a social problem. Try talking to your users, get your organization to create appropriate policies and enforce them with sanctions. This in my experience works much better than a constant technology arms race with your users.


There is a module named IPP2P that can detect & block P2P protocols: http://www.ipp2p.org/
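What the ipp2p answer above and the l7-filter answer further up look like as an actual rule set, as an added example (this is not code from either answer, from ipp2p.org or from the l7-filter project): the ipp2p match is cheap and can sit directly in FORWARD, while the layer7 regex match is expensive, so it is run once per connection in the mangle table and the verdict is stored in a connection mark that later packets of the same flow reuse. The interface name and the mark value are assumptions; both matches require a kernel and iptables built with the out-of-tree patches, and, as the second answer says, neither sees inside encrypted traffic.

```sh
#!/bin/sh
# Added example, not code from the answers above or from the ipp2p/l7-filter
# projects. Prints iptables commands so they can be reviewed before use;
# apply on the gateway with:   p2p_block_rules | sudo sh
# Requires a kernel/iptables patched with ipp2p and l7-filter (layer7 match);
# without them the commands fail with "Couldn't load match".

LAN_IF="${LAN_IF:-eth1}"    # assumed: interface facing the users
MARK_P2P="${MARK_P2P:-2}"   # assumed: connection mark meaning "classified as P2P"

p2p_block_rules() {
    # 1. ipp2p: signature match on TCP payloads, cheap enough to run on every
    #    packet. --ipp2p covers every protocol the module knows; narrower
    #    flags such as --bit (BitTorrent only) exist if you want fewer matches.
    echo "iptables -A FORWARD -i $LAN_IF -p tcp -m ipp2p --ipp2p -j DROP"

    # 2. l7-filter: regex over the payload of the first packets of a flow.
    #    Run it once per connection: restore the stored mark, skip flows that
    #    already have a verdict, classify the rest, then save the mark.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    # mark != 0 means this connection was already classified: no regex work.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j ACCEPT"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m layer7 --l7proto bittorrent -j MARK --set-mark $MARK_P2P"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m layer7 --l7proto edonkey -j MARK --set-mark $MARK_P2P"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --save-mark"

    # 3. Enforce on the mark; --restore-mark above puts it back on every later
    #    packet of the flow, so the filter chain never touches the regex.
    echo "iptables -A FORWARD -i $LAN_IF -m mark --mark $MARK_P2P -j DROP"
}

# Dry run: show the rules that would be installed.
p2p_block_rules
```

The naive form, a bare `-m layer7 --l7proto bittorrent -j DROP` in FORWARD, is what the "resource intensive" warning in the first answer is about: every packet of every flow would go through the pattern engine. With the CONNMARK pattern the regex only runs until a connection gets a mark, and dropping on the mark is as cheap as any other match.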


The simple solution is to block all outgoing ports except the ones you want to allow.

Alternatively, you can find a list of the ports likely to be used for common P2P applications and block those. BitTorrent tends to only allow a very limited amount of downloading if you are not also uploading, so you should also make sure that you don't accept any incoming connections.

You might find it useful to set up some sort of IP accounting on your router based on the TCP port used, and then find out which port is the most heavily used. IPTraf is a useful tool for checking this.

I should warn you that you'll never stop everything; people are ingenious and will find a way around any restriction you put in place. Most firewalls will stop the casual user though, which may be enough.
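The "block everything except the ports you allow" approach and the per-port accounting from this answer, as an added example (not the answer's own code): a default-deny FORWARD policy for a Linux gateway that lets replies through, refuses new inbound connections toward the LAN so nobody behind it can be seeded from, whitelists a handful of destination ports, and pushes every outbound packet through an accounting chain first. A second function reads the counters (`iptables -L ACCT -v -n -x`) and lists destination ports by bytes, which is the "which port is most heavily used" check done with iptables itself rather than IPTraf. Interface names, the whitelist and the sample counter output are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not code from the answer above. Emits iptables commands so
# the rule set can be reviewed first; apply on the gateway with:
#     egress_rules | sudo sh
# Interface names and the port whitelist are assumptions; adjust to taste.

LAN_IF="${LAN_IF:-eth1}"                        # assumed: side facing the users
WAN_IF="${WAN_IF:-eth0}"                        # assumed: side facing the Internet
ALLOWED_TCP="${ALLOWED_TCP:-22 25 80 443 993}"  # assumed whitelist
ALLOWED_UDP="${ALLOWED_UDP:-53 123}"            # assumed whitelist

egress_rules() {
    echo "iptables -F FORWARD"
    echo "iptables -N ACCT 2>/dev/null || iptables -F ACCT"
    # Anything not explicitly accepted below is dropped.
    echo "iptables -P FORWARD DROP"
    # Count every packet leaving the LAN before any verdict, so the ACCT
    # counters reflect real volume per destination port.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCT"
    # Replies to connections we already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # No new inbound connections toward the LAN: nobody can be connected to,
    # which starves BitTorrent clients of the uploading they need.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate NEW -j DROP"
    # Whitelist: one counter rule and one accept rule per allowed port.
    for p in $ALLOWED_TCP; do
        echo "iptables -A ACCT -p tcp --dport $p -j RETURN"
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $ALLOWED_UDP; do
        echo "iptables -A ACCT -p udp --dport $p -j RETURN"
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Catch-all counter: bytes here are attempts the whitelist will refuse.
    echo "iptables -A ACCT -j RETURN"
    # Rate-limited log of what gets refused, to see what users are trying.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m limit --limit 5/min -j LOG --log-prefix 'EGRESS-DROP '"
}

# Read the output of:  iptables -L ACCT -v -n -x   on stdin and print
# "bytes proto/port" lines, heaviest first. The catch-all rule has no
# "dpt:" field and is reported as "other".
top_ports() {
    awk 'NR > 2 && NF >= 9 {
            port = "other"
            for (i = 10; i <= NF; i++) if ($i ~ /^dpt:/) port = $4 "/" substr($i, 5)
            print $2, port
         }' | sort -rn
}

# Constructed sample of "iptables -L ACCT -v -n -x" output, for demonstration.
SAMPLE_ACCT='Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    18000 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    9000 12000000 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
     300    45000 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    5000   300000 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Dry run: show the rules, then rank the sample counters.
egress_rules
printf '%s\n' "$SAMPLE_ACCT" | top_ports
```

Because the ACCT jump sits before the ESTABLISHED rule, counters on the allowed ports show the full volume of each flow; if 443 suddenly dwarfs everything else, something is probably being tunnelled over it, which is the point the other answers make about encrypted traffic. The catch-all counter only ever sees the first packets of refused attempts, so it tells you how often users try, not how much they would have moved.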