Re: ipp2p y iptables (error raro)
Hola
Encontre esto en google, por ahi te sirve.
https://lists.netfilter.org/pipermail/netfilter-buglog/2006-March/000785.html
¿ una consulta ?
Yo uso ipp2p para bloquear p2p incluyendo Ares, me funcionaba bien, pero hace un tiempo no lo esta bloqueando (al Ares).
Ares aparece desconectado pero hay trafico de subida y bajada.
¿ Has probado el bloqueo del Ares ?
roberto
2006/3/21, Fernando <zedrant@gmail.com>:
Hola me propuse implementar el ipp2p en mi server me baje la fuente de
iptables 1.3.5 y la ultima version estable de ipp2p y compilo todo bien,
ahora cuando quiero poner las reglas me tira un error de iptables busque
por todos lados y no aparece nada. Tiro un poco de info tecnica por ahi
alguien le paso lo mismo y me puede ayudar.
debian:~# iptables -V
iptables v1.3.5
debian:~# iptables -m ipp2p --help
iptables
v1.3.5
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands:
Either long or short options are allowed.
--append -A chain Append to chain
--delete -D
chain Delete
matching rule from chain
--delete -D chain rulenum
Delete
rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert
in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace
rule rulenum (1 = first) in chain
--list -L
[chain] List
the rules in a chain or all chains
--flush
-F
[chain] Delete
all rules in chain or all chains
--zero -Z
[chain] Zero
counters in chain or all chains
--new
-N
chain Create
a new user-defined chain
--delete-chain
-X
[chain] Delete
a user-defined chain
--policy -P chain target
Change
policy on chain to target
--rename-chain
-E old-chain new-chain
Change
chain name, (moving any references)
Options:
--proto
-p [!] proto protocol: by number or name, eg.
`tcp'
--source -s [!] address[/mask]
source
specification
--destination -d [!] address[/mask]
destination
specification
--in-interface -i [!] input name[+]
network
interface name ([+] for wildcard)
--jump -j target
target
for rule (may load target extension)
--match -m match
extended
match (may load extension)
--numeric
-n numeric
output of addresses and ports
--out-interface -o [!] output name[+]
network
interface name ([+] for wildcard)
--table
-t table table to
manipulate (default: `filter')
--verbose
-v verbose
mode
--line-numbers print
line numbers when listing
--exact
-x expand
numbers (display exact values)
[!]
--fragment -f match
second or further fragments only
--modprobe=<command> try
to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!]
--version
-V print
package version.
IPP2P v0.8.0 options:
--ipp2p Grab all known p2p packets
--edk [TCP&UDP]
All known eDonkey/eMule/Overnet packets
--dc
[TCP] All
known Direct Connect packets
--kazaa [TCP&UDP]
All known KaZaA packets
--gnu [TCP&UDP]
All known Gnutella packets
--bit [TCP&UDP]
All known BitTorrent packets
--apple [TCP]
All known AppleJuice packets
--winmx [TCP]
All known WinMX
--soul
[TCP] All
known SoulSeek
--ares
[TCP] All
known Ares
DEBUG SUPPPORT, use only if you know why
--debug Generate
kernel debug output, THIS WILL SLOW
DOWN THE FILTER
Note that the follwing options will have the same meaning:
'--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx
--soul --ares'
IPP2P was intended for TCP only. Due to increasing usage of UDP we
needed to change this.
You can now use -p udp to search UDP packets only or without -p switch
to search UDP and TCP packets.
See README included with this package for more details or visit
http://www.ipp2p.org
Examples:
iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP
debian:~# iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables: Unknown error 4294967295
Desde ya muchas gracias
--
To UNSUBSCRIBE, email to
debian-user-spanish-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
Ing. Roberto Pereyra
ContenidosOnline
Servidores BSD, Solaris y Linux
Soporte técnico ISPs
Jabber ID: rpereyra@lugmen.org.ar
For reliable and professional DNS, use DNS Made Easy!
http://www.dnsmadeeasy.com/u/14989
Reply to: