Good day all,
This is my current iptables setup
# Generated by iptables-save v1.4.7 on Wed Apr 9 13:50:31 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -p tcp -m tcp --dport 5252 -m comment --comment "SSH_Secure Input" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "SSH Input" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "HTTP Input" -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m comment --comment "HTTPS Input" -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o tun0 -j ACCEPT
-A FORWARD -o eth0 -j ACCEPT
-A FORWARD -m string --string "BitTorrent" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "peer_id=" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string ".torrent" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "announce.php?passkey=" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "torrent" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "announce" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "info_hash" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "get_peers" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "announce_peer" --algo bm --to 65535 -j LOGDROP
-A FORWARD -m string --string "find_node" --algo bm --to 65535 -j LOGDROP
-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -m comment --comment "HTTPS Input" -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LOGDROP -j LOG --log-prefix "LOGDROP "
-A LOGDROP -j DROP
COMMIT
# Completed on Wed Apr 9 13:50:31 2014
# Generated by iptables-save v1.4.7 on Wed Apr 9 13:50:31 2014
*nat
:PREROUTING ACCEPT [2121:189137]
:POSTROUTING ACCEPT [18:1030]
:OUTPUT ACCEPT [18:1030]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Apr 9 13:50:31 2014
I have a CentOS 6 server running OpenVPN.
The reason for wanting to do this: I have clients connecting, and since they do a lot of downloading and never disconnect from the VPN when it is not needed, I get a lot of bandwidth usage, which stacks up into a hefty bill.
Where the iptables rules start with "-A FORWARD -m string" and all the "log/logdrops", I got these rules from a website (of which there are many websites referring to exactly the same rules for blocking torrent traffic); the only problem is that it doesn't block any traffic.
I connected to the VPN, started up a few torrents, and they didn't slow down in downloading; it was as if I wasn't connected to the VPN...
Please help.
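Added example (not code from the post or from any project): a small Python first-match simulator for the FORWARD chain above. Because the rules were appended with `-A`, the two blanket rules `-o tun0 -j ACCEPT` and `-o eth0 -j ACCEPT` sit ahead of every `-m string ... -j LOGDROP` rule, and iptables stops at the first matching rule, so every packet forwarded between the tunnel and eth0 is accepted before a string rule is ever evaluated. The simulator models only the `-o` and `--string` matchers the post uses, on constructed sample payloads, and shows the verdict change once the string rules come first.

```python
# Added example: first-match evaluation of the posted FORWARD chain. Only the
# -o and -m string matchers are modelled (other options are parsed and ignored).
import shlex

def parse_rule(line):
    """Return (out_iface, needle, target) for one '-A FORWARD ...' line.
    Every '-x value' pair is collected; --algo/--to are accepted but unused."""
    toks = shlex.split(line)
    opt = {toks[i]: toks[i + 1] for i in range(len(toks) - 1) if toks[i].startswith("-")}
    needle = opt["--string"].encode() if "--string" in opt else None
    return opt.get("-o"), needle, opt["-j"]

def evaluate(chain, out_iface, payload, policy="DROP"):
    """Walk the chain top to bottom; the first rule whose matchers all hit decides.
    If nothing matches, the chain policy (the post's ':FORWARD DROP') applies."""
    for out_if, needle, target in map(parse_rule, chain):
        if out_if is not None and out_if != out_iface:
            continue
        if needle is not None and needle not in payload:
            continue
        return target
    return policy

# The FORWARD chain in the post's order: the two blanket ACCEPTs, then two of the
# string rules (the remaining string rules in the post behave identically).
AS_POSTED = [
    '-A FORWARD -o tun0 -j ACCEPT',
    '-A FORWARD -o eth0 -j ACCEPT',
    '-A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j LOGDROP',
    '-A FORWARD -m string --string "info_hash" --algo bm --to 65535 -j LOGDROP',
]
# Same rules with the string matches placed ahead of the blanket ACCEPTs
# (what inserting them with "iptables -I FORWARD" instead of "-A" would give).
REORDERED = AS_POSTED[2:] + AS_POSTED[:2]

# Constructed sample payloads: a plaintext BitTorrent handshake and an HTTP request.
HANDSHAKE = b"\x13BitTorrent protocol" + b"\x00" * 8 + b"\xab" * 20 + b"-XX0001-" + b"\xcd" * 12
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

def compare():
    """Verdict of each ordering for the handshake heading out over the tunnel."""
    return (evaluate(AS_POSTED, "tun0", HANDSHAKE), evaluate(REORDERED, "tun0", HANDSHAKE))

if __name__ == "__main__":
    print("as posted:", compare()[0], "| reordered:", compare()[1])  # ACCEPT | LOGDROP
    print("HTTP via eth0, reordered:", evaluate(REORDERED, "eth0", HTTP_GET))  # ACCEPT
```

Even with the string rules first, `-m string` only sees plaintext markers: peers that use BitTorrent's protocol encryption carry none of these strings, so this is a coarse filter rather than a reliable block.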