[LARTC] block p2p: ARES
Klaus
klaus at ipp2p.org
Wed Jun 22 17:55:00 CEST 2005
I did a small test with the new ares version.
It seems they have switched their protocol and it is not detected at the
moment.
Lets see how difficult the new ares protocol is and how fast we can
integrate this into ipp2p.
Klaus
:: L i n u XK i D :: wrote:
> Hi....
>
> I'm trying to setup a LAN router with P2P filter
> but the problem is that can't "catch" Ares.
>
> There is a way to DROP "ares" p2p packets ?
>
> I've tried with last "ipp2p" snapshot without sucess...
>
> I've
> Kernel 2.4.28
> iptables 1.3.0
> Various Patches from patch-o-matic-ng-20040621
> iproute2-ss020116
> IMQ Patch
> Esfq Patch
> Julian (route) Patch
> Debian Woody
>
>
> This is my MANGLE table...
>
>
> Chain PREROUTING (policy ACCEPT 8557K packets, 2822M bytes)
> pkts bytes target prot opt in out source
> destination
> 85574 24M p2ptraffic all -- * * 0.0.0.0/0
> 0.0.0.0/0
> .................
>
> Chain p2ptraffic (1 references)
> pkts bytes target prot opt in out source
> destination
> 11860 1620K CONNMARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p v0.7.4 --ipp2p CONNMARK set 0xa
> 0 0 CONNMARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p v0.7.4 --bit CONNMARK set 0xa
> 0 0 CONNMARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p v0.7.4 --apple CONNMARK set 0xa
> 0 0 CONNMARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p v0.7.4 --winmx CONNMARK set 0xa
> 1 57 CONNMARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p v0.7.4 --soul CONNMARK set 0xa
> 0 0 DROP all -- * * 0.0.0.0/0
> 0.0.0.0/0 ipp2p v0.7.4 --ares
> .........
> 54029 13M CONNMARK all -- * * 0.0.0.0/0
> 0.0.0.0/0 CONNMARK match 0xa CONNMARK restore
>
>
> But... ARES Packet are not bloked at the momment....
> 0 0 DROP .... ipp2p v0.7.4 --ares
>
> :-(
>
> Somebody haves sucessfull blocking ARES ?
>
> regards...
> Andres.
>
> _______________________________________________
> LARTC mailing list
> LARTC at mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
More information about the LARTC
mailing list