Expert opinion on iptables/torrents


 
# 1  
Old 04-25-2013

Hello all,

I want to deny any torrents passing through the Linux box that are NOT encrypted. My ISP is doing packet inspection and gives warnings.

I'd like to allow torrents when client sets encryption.

Any thoughts?
# 2  
Old 04-25-2013
iptables can do lots of fun things with sources, destinations, routes, types, and to a limited extent stateful things like simple detection of some protocols, but I don't think it's good for this depth of packet content reading. It's just a firewall in the end.
# 3  
Old 04-25-2013
At level7 perhaps?
If I block via l7 all non-standard ports >1024 (ie. allow only 80, 53, 22 etc..) I read somewhere that l7 will not stop encrypted torrents... is that true? I'm guessing it makes sense since it cannot really peek into them to match pattern?

I use iptables daily.. know a lot of tricks.. but this packet inspection is really a fuss.

I'll make another thread now about paypal/iptables which is also giving me a headache.. perhaps someone knows...


I really like that there are people here that I might actually talk to about networking and linux and stuff.. sometimes I feel like I'm alone.. not even google can give me answers I seek.

# 4  
Old 04-25-2013
Quote:
Originally Posted by DARKMAN_HR
At level7 perhaps?
l7 is a do-anything addon for iptables which connects iptables to usermode software. It's this software which must do the packet analysis.

It's possible but difficult; BitTorrent is (intentionally) hard to tell apart from ordinary traffic. In response to throttling and censorship, it has become even more so.
Quote:
If I block via l7 all non-standard ports >1024 (ie. allow only 80, 53, 22 etc..)
That is what I had to do eventually. (You don't need l7 to block ports. Plain iptables can do that easily.) It cannot block all torrents but many. It was a sad moment, a final admission of defeat, that I couldn't simply let my customers have what they wanted at all times.
Quote:
I read somewhere that l7 will not stop encrypted torrents... is that true?
Yes, very difficult. It probably negotiates over https, which customers obviously need to work unimpeded; which once connected can carry whatever it wants without letting you see the contents. This is also how tor hides itself.
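
The port allowlist discussed in post #4 ("Plain iptables can do that easily"), as an added example that is not part of the original thread: a function that validates a port list and emits an `iptables-restore` ruleset dropping forwarded traffic to every other destination port. The interface names `lan0`/`wan0` and the sample port lists are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: default-drop FORWARD policy with a
# destination-port allowlist for LAN -> WAN traffic.

# valid_ports "22,80,443": succeeds only if the list is comma-separated
# integers in 1..65535 with 1 to 15 entries (the multiport match accepts at
# most 15 ports per rule).
valid_ports() {
    case $1 in ''|*[!0-9,]*) return 1 ;; esac
    count=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in '') IFS=$old_ifs; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { IFS=$old_ifs; return 1; }
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -ge 1 ] && [ "$count" -le 15 ]
}

# gen_forward_allowlist LAN_IF WAN_IF TCP_PORTS UDP_PORTS
# Prints the ruleset on stdout; prints nothing and fails on a bad port list.
# Interface names are trusted input here (assumed to come from the admin).
gen_forward_allowlist() {
    lan=$1 wan=$2 tcp_ports=$3 udp_ports=$4
    valid_ports "$tcp_ports" && valid_ports "$udp_ports" || return 1
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -p tcp -m multiport --dports $tcp_ports -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan -o $wan -p udp -m multiport --dports $udp_ports -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample: SSH, DNS, HTTP and HTTPS over TCP, DNS over UDP.
# Check the result with "iptables-restore --test" before loading it; loading
# without --noflush replaces the existing contents of the filter table.
gen_forward_allowlist lan0 wan0 22,53,80,443 53
```

As the post says, this stops many torrents but not all: anything that runs over an allowed port, 443 included, still passes.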
# 5  
Old 04-25-2013
You could also try traffic control, speed limiting instead of or in addition to block/don't block. Prioritize any obviously recognizable traffic.
# 6  
Old 04-25-2013
I can.. and I do that already.. just .. it's not that throughput is bugging me.. -- ISP is bugging me.. they inspected some packet and they saw Movie.name.warez.torrent.bla.avi .... and they want it resolved or they'll unplug me... so that's my main concern..
I had the firewall open on the network from 00 to 08am ... and users could use whatever... but now I've got to lock even those hours and as you said - give it up and surrender :/