P2P & IPCOP 11 years 8 months ago #23397

  • codiac
Hi Guys :D

I was wondering if anyone could give me a little advice regarding IPCOP and P2P software.

I have set up several Cop-Boxes using the very useful P2PBlock by Markus Hoffman. This works very well; however, the networks I set up are all wireless, and although this frees up the broadband bandwidth, anyone still using p2p software continues to flood the firewall and access points.

What I wanted to do (possibly in conjunction with p2pblock) is create some iptable rules which detect p2p usage from a user and when they try to access web pages will redirect them to a page warning them to disable their p2p software and deny them internet access for a certain amount of time.

Being a noobie at iptables, could you have a look at these rules I have come across and advise as to whether they could be used/modified to suit? (I have not written them, I found them.)


# Create rules in mangle table to identify and mark p2p packets

#Restores a mark for each incoming packet
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

#Makes sure that an already marked packet won't get marked again
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT

#Matches single packets of P2P network traffic and marks them
iptables -t mangle -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 1

#Mark the whole p2p connection
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark

# End of mangle rules

# Create P2P rules in filter table

#Create new chain with rules to A.log details in kernel table, B.log details in syslog, C.DROP P2P packets.
iptables -N BLOCKP2P
iptables -A BLOCKP2P -m recent --name P2PBLOCKEDUSERS --set
iptables -A BLOCKP2P -m limit --limit 3/h -j LOG --log-level info --log-prefix 'P2P Firewall - Blocked: '

#Jump to BLOCKP2P chain if packet has a mark
iptables -I FORWARD -m mark --mark 1 -j BLOCKP2P

#Detect HTTP connections from blocked P2P users, ACCEPT
#iptables -I FORWARD -m layer7 --l7proto http -m recent --name P2PBLOCKEDUSERS --rcheck --seconds $TIME2BLOCK -j ACCEPT

#Detect all other traffic from blocked P2P users, DROP for 180 seconds
iptables -I FORWARD -d ! $WARNPAGEIP -m recent --name P2PBLOCKEDUSERS --rcheck --seconds $TIME2BLOCK -j DROP

# End of filtering

# Redirect Rules

#redirect a peer to peer users http sessions to a warning page for 180 seconds, drop all other traffic
iptables -t nat -A PREROUTING -p tcp --dport 80 -m recent --name P2PBLOCKEDUSERS --rcheck --seconds $TIME2BLOCK -j DNAT --to $WARNPAGEIP

# End of Redirect Rules

Would really appreciate any input as this problem is driving me nuts!


Re: P2P & IPCOP 11 years 8 months ago #23520

  • codiac
Anyone any suggestions? Pretty please :D

I've tried entering into etc/rc.d/rc.firewall.local & etc/rc.d/rc.firewall

but can't seem to get any combination right :oops:

even the tiniest crumb of info anyone could throw me would be really appreciated.
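
The rules from the first post with their two variables filled in, as an added example that is not part of the original thread: a dry-run generator that validates WARNPAGEIP and TIME2BLOCK before printing the commands, since the output is meant to be run as root. The function names, the sample address 192.0.2.10 and the 180-second value (taken from the post's comments) are assumptions, and the negation is written before -d.

```shell
#!/bin/sh
# Added example: prints the thread's rules with WARNPAGEIP and TIME2BLOCK
# filled in. Nothing is applied; review the output, then pipe it to sh as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_p2p_rules WARNPAGEIP TIME2BLOCK: write the iptables commands to stdout.
emit_p2p_rules() {
    warn_ip=$1
    block_secs=$2
    # Both values end up inside commands run as root, so reject anything odd.
    valid_ipv4 "$warn_ip" || { echo "bad warning page IP: $warn_ip" >&2; return 1; }
    case "$block_secs" in
        ''|*[!0-9]*) echo "bad block time: $block_secs" >&2; return 1 ;;
    esac
    blocked="-m recent --name P2PBLOCKEDUSERS --rcheck --seconds $block_secs"
    cat <<EOF
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -N BLOCKP2P
iptables -A BLOCKP2P -m recent --name P2PBLOCKEDUSERS --set
iptables -A BLOCKP2P -m limit --limit 3/h -j LOG --log-level info --log-prefix 'P2P Firewall - Blocked: '
iptables -I FORWARD -m mark --mark 1 -j BLOCKP2P
iptables -I FORWARD ! -d $warn_ip $blocked -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 80 $blocked -j DNAT --to $warn_ip
EOF
}

# Constructed sample values: 192.0.2.10 is a documentation address, 180 s is
# the block time named in the post's comments.
emit_p2p_rules 192.0.2.10 180
```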
