(crazy?) idea for blocking p2p

To: debian-firewall@lists.debian.org
Subject: (crazy?) idea for blocking p2p
From: Felipe Figueiredo <philsf@ufrj.br>
Date: Fri, 7 Jul 2006 03:47:50 -0300
Message-id: <[🔎] 200607070347.51128.philsf@ufrj.br>

Hello,

since I am fairly new to iptables, this may be old news to many of the gurus 
here. Consider it some food for thought.

Since one can create rules that limit quantity of packages (say) per second, 
one could use this feature to limit [in|out]bound traffic from EVERY port 
(except specific ones).

The idea would be to block the downloading of big files/too much information, 
from non-permited services.

Maybe something like: permit any quantity for HTTP, FTP, SMTP/POP (for email 
attachments), SSH (for sftp), (others?), and limit every other traffic to a 
reasonable quantity per [sec|min|...].

However, I heard of people having crashing problems when limiting amount of 
ssh connections, in some kernel version. Aparently some sort of memory leak. 
It may very well be fixed by now, but I never really looked into it, since I 
resorted to userspace scripts for the job (in my case, I use fail2ban to 
limit ssh connections).

Reply to:

Follow-Ups:
- Re: (crazy?) idea for blocking p2p
  - From: "Wojciech Ziniewicz" <wojciech.ziniewicz@gmail.com>
- Re: (crazy?) idea for blocking p2p
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: (crazy?) idea for blocking p2p
  - From: ChrisDB <mlist.d@virgin.net>

Prev by Date: Re: ssh connection survives reboot of stateful iptables router
Next by Date: Re: (crazy?) idea for blocking p2p
Previous by thread: Re: ssh connection survives reboot of stateful iptables router
Next by thread: Re: (crazy?) idea for blocking p2p
Index(es):
- Date
- Thread