Admins eHow SysAdmin Tips & Tricks

April 27, 2011

Block BitTorrent traffic on your Linux firewall using iptables

Filed under: Debian, linux, Security — admin @ 7:25 pm

The following script will block and log unencrypted BitTorrent and DHT traffic on your Linux firewall.
I have personally tested it on Debian 5 (lenny), but I am almost sure it should work pretty well on any new Linux distro.

# Create the LOGDROP chain (errors are discarded if it already exists),
# flush it, then log every packet sent to it and drop it.
iptables -N LOGDROP > /dev/null 2> /dev/null
iptables -F LOGDROP
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
iptables -A LOGDROP -j DROP

# Torrent: Boyer-Moore search for these byte strings anywhere in a forwarded packet.
# The bare "torrent" and "announce" patterns already cover ".torrent",
# "announce.php?passkey=" and "announce_peer", and they also match any
# unrelated traffic (e-mail, web pages) that happens to contain those words.
# These rules must sit before any "--state ESTABLISHED,RELATED -j ACCEPT" rule
# in FORWARD, otherwise the payload packets are accepted before they are inspected.
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "torrent" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "announce" -j LOGDROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j LOGDROP

# DHT keywords (DHT runs over UDP, but these rules are not restricted by protocol)
iptables -A FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
iptables -A FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
iptables -A FORWARD -m string --string "find_node" --algo bm -j LOGDROP
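As an added example (not part of the original post), the generator below emits a tighter variant of the same ruleset: it anchors on protocol structure (the 0x13-prefixed peer-wire handshake, the bencoded DHT query encoding, the info_hash tracker parameter) instead of bare words such as "announce" or "torrent". The chain name, the LAN interface and the mail-port exclusion list are assumptions; it still only catches unencrypted traffic.

```shell
#!/bin/sh
# Prints iptables commands instead of running them, so the output can be
# reviewed first and then piped to sh on the firewall.
# Usage: bt_rules [chain] [lan_iface]

bt_rules() {
    chain="${1:-FORWARD}"
    lan="${2:-eth1}"        # assumed LAN-facing interface, adjust to taste
    # LOGDROP target as in the post, with rate-limited logging so a busy
    # client cannot flood the kernel log.
    echo "iptables -N LOGDROP 2>/dev/null"
    echo "iptables -F LOGDROP"
    echo "iptables -A LOGDROP -m limit --limit 5/minute -j LOG --log-prefix \"LOGDROP \""
    echo "iptables -A LOGDROP -j DROP"
    # Peer-wire handshake: payload starts with byte 0x13 followed by
    # "BitTorrent protocol". -I inserts at the top of the chain, ahead of any
    # ESTABLISHED,RELATED -j ACCEPT rule that would otherwise accept the
    # handshake packet before the string match ever sees it.
    echo "iptables -I $chain -i $lan -p tcp -m string --algo bm --hex-string \"|13|BitTorrent protocol\" -j LOGDROP"
    # HTTP tracker announces carry the info_hash query parameter. Mail
    # submission ports are excluded to avoid the false positive a commenter hit.
    echo "iptables -I $chain -i $lan -p tcp -m multiport ! --dports 25,465,587 -m string --algo bm --string \"info_hash=\" -j LOGDROP"
    # DHT queries are bencoded dictionaries; "1:q9:get_peers" is the exact
    # key/value encoding of the query name, unlike the bare word "get_peers".
    for q in 9:get_peers 9:find_node 13:announce_peer; do
        echo "iptables -I $chain -i $lan -p udp -m string --algo bm --string \"1:q$q\" -j LOGDROP"
    done
}

# Number of rules that jump to LOGDROP, for a quick sanity check of the output.
bt_rule_count() { bt_rules "$@" | grep -c -e '-j LOGDROP'; }
```

Review with `bt_rules FORWARD eth1`, then apply with `bt_rules FORWARD eth1 | sh`.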
  • M0rales

    thanks

  • Rashid47010

    I applied these, but uTorrent is still working,
    only downloading more slowly.
    Is there any procedure like the above to completely block uTorrent?

  • lgp

    It works perfectly, but what if I want to filter only torrent clients and not sites? If somebody sends mail with the word “announce”, it’s blocked by iptables.

  • Anonymous

    You are right. It is the downside of this method.

  • Mark Smith

    This might be a better way 🙂 But I have used a combination of both…

    http://forums.hak5.org/index.php?showtopic=16731

  • Nomad
  • Amsterdam Community

    It works, thank you, but it only slows down the clients that use torrents.

  • 565656

    I do not understand anything.

  • Rafhael Almeida

    And xtables?

  • Pokerplay1123

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT
    iptables -F -t nat
    iptables -A INPUT -i eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -j ACCEPT
    iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 80 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 443 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 22 -j ACCEPT
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port 53 -j ACCEPT
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port 68 -j ACCEPT
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port 67 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 1863 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 5050 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 21 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 3128 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 81 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 6665 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 6664 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 6667 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 9010 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 8080 -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 82 -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 80 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 443 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p udp --destination-port 53 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p udp --destination-port 68 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p udp --destination-port 67 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 1863 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 5050 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 22 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 21 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 3128 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 81 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 6665 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 6664 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 6667 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 9010 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 8080 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -p tcp --destination-port 82 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    eth2 will be your internet forwarding card and eth0 will be the incoming internet card.
    THIS WILL HELP!!!! SURE!!!

  • Rafhael Almeida

    Nope, doesn’t work. The only way is:

    iptables -I FORWARD -p tcp -m multiport --dports 1024:65535 -m iprange --src-range 192.168.0.1-192.168.0.100 -j DROP

    iptables -I FORWARD -p udp -m multiport --dports 1024:65535 -m iprange --src-range 192.168.0.1-192.168.0.100 -j DROP

    Tested on my CentOS 6.7 x64.
