p2p - peer to peer traffic blocking script
State: active
This script can be used to disable, cut and block the traffic of users on a network who use peer-to-peer software to distribute and/or download software from the internet. Most countries disallow the exchange of copyright-protected data via p2p networks, which accounts for more than 90% of the p2p traffic generated. The script has been written and tested for IPCop.
In later versions I will add support for a configuration file. Furthermore, I will integrate the script into the IPCop web interface...
Download the current version now
#!/bin/sh
VERSION="2008-08-01"
###############################################################################
#
# Title: p2p
#
# Description: This script is used to block peer to peer traffic and
# connections in a LAN such as Emule, Edonkey etc...
# Read more on www.skycube.net
#
# Author: Per Lasse Baasch (c)
# Website: http://www.skycube.net
#
# License: GNU GPL v3+
# Go to www.skycube.net to read the complete license
#
# Notes: This script has been tested on IPCop 1.4.13.
#
# IMPORTANT: BE CAREFUL !!! NEVER CREATE A NEW RULE WITHOUT TESTING IT
#
# Requirements: - iptables (IPCop = default installed)
# - iproute (IPCop = default installed)
###############################################################################
# INSTALL
#
# - Copy this file to any directory on your server/router and execute it
# with > ./p2p.sh start
#
# IPCop: - > mv /tmp/p2p.sh /etc/rc.d/
# - > chmod 755 /etc/rc.d/p2p.sh
# - > vi /etc/rc.d/rc.local
# - > type the following: /etc/rc.d/p2p.sh
# - > reboot
#
###############################################################################
# USAGE
#
# start -> start this script
# stop -> stop this script
# restart -> stop this script and start this script
#
###############################################################################
# START BASIC CONFIGURATION
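IPT="/sbin/iptables"
# Interface used as "-i" (incoming interface) in every rule below.
# The commented-out line would read the RED interface name from IPCop's
# settings file instead of hard-coding it.
# NOTE(review): on IPCop, RED is the Internet-facing side, yet every rule
# matches packets that ENTER on this device and LEAVE via BLOCKED_DEV (ppp0),
# so eth0 is presumably the LAN-side NIC here - confirm that the variable
# name matches the intended direction before reusing or auto-detecting it.
#RED_DEVICE=$(/bin/cat /var/ipcop/red/iface 2>/dev/null| /usr/bin/tr -d '\012' 2>/dev/null)
RED_DEVICE="eth0"
# Outgoing-interface match appended to every rule. It holds two words
# ("-o" plus the device), so it is deliberately expanded UNQUOTED below.
#BLOCKED_DEV="-o eth0"
BLOCKED_DEV="-o ppp0"
# END BASIC CONFIGURATION
###############################################################################
# Dispatch on the first argument: start | stop | restart.
case "$1" in
start)
  # Create the two user-defined chains first. If either one already exists
  # (start run twice without stop) iptables reports it and we abort here:
  # appending again would duplicate every rule and insert a second jump,
  # while "stop" removes only one jump, so the chains could no longer be
  # deleted with -X.
  if ! { $IPT -N p2p_FORWARD && $IPT -N p2p_INPUT; }; then
    echo "p2p: could not create chains (already started?); try: $0 restart" >&2
    exit 1
  fi
  # Hook the chains into IPCop's CUSTOMFORWARD / CUSTOMINPUT chains.
  $IPT -I CUSTOMFORWARD -j p2p_FORWARD
  $IPT -I CUSTOMINPUT -j p2p_INPUT
  # NOTE(review): every p2p_INPUT rule below carries both "-i" and
  # "$BLOCKED_DEV" (-o ...). Packets traversing the INPUT path have no
  # output interface, so these rules appear unable to match; the effective
  # filtering is done by the p2p_FORWARD rules. Verify with the packet
  # counters ($IPT -L p2p_INPUT -v -n) before relying on them.
  #
  # NOTE(review): the port rules match on the SOURCE port of traffic entering
  # on $RED_DEVICE. Wide ranges such as 30000:39999 may overlap the ephemeral
  # source ports ordinary clients pick for outgoing connections, so sporadic
  # drops of legitimate traffic are possible - check against the clients on
  # your LAN.
  #
  # Block common P2P ports
  # Custom additions (intercepted)
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 4242 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 4242 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 4900:5000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 4900:5000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 6600 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 6600 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 18000:19999 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 18000:19999 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 30000:39999 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 30000:39999 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 50100:50200 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 50100:50200 $BLOCKED_DEV -j DROP
  #WarezClient
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --dport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --dport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --dport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --dport 60000 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --dport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --dport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --dport 7766 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --dport 7766 $BLOCKED_DEV -j DROP
  #Kazaa
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --dport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --dport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --dport 1214 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --dport 1214 $BLOCKED_DEV -j DROP
  #BitTorrent
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 6969 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 6969 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --dport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --dport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 6969 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 6969 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --dport 6881:6889 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --dport 6881:6889 $BLOCKED_DEV -j DROP
  #Emule
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --dport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --dport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --dport 4661:4673 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --dport 4661:4673 $BLOCKED_DEV -j DROP
  #WinMX
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --sport 6699 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --sport 6257 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p TCP --dport 6699 $BLOCKED_DEV -j DROP
  $IPT -A p2p_INPUT -i $RED_DEVICE -p UDP --dport 6257 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --sport 6699 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --sport 6257 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP --dport 6699 $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP --dport 6257 $BLOCKED_DEV -j DROP
  #############################################################################
  #############################################################################
  #############################################################################
  # Beginning here with the port changing people ;)
  #############################################################################
  #############################################################################
  # Payload (string) matching for clients that do not stay on fixed ports.
  # Caveats a maintainer should know before extending this list:
  #  - Most string rules have no -p/--dport restriction, so ANY forwarded
  #    packet from $RED_DEVICE to the blocked device that contains the bytes
  #    is dropped - including unrelated traffic that merely mentions one of
  #    these names. Encrypted payloads are not matched at all.
  #  - Several entries look like general-purpose ad/CDN/download hosts
  #    (e.g. a248.e.akamai.net, download.berlios.de); dropping them affects
  #    more than P2P clients.
  #  - Newer iptables/kernel combinations require an explicit
  #    "--algo bm" (or kmp) on every string rule; the lines below are kept in
  #    the form used on the IPCop 1.4 build the header says was tested.
  #Diverse
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "pando.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Pando/" $BLOCKED_DEV -j DROP
  #$IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "pando.com" $BLOCKED_DEV -j DROP
  #$IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "pando.com" $BLOCKED_DEV -j DROP
  #MLDONKEY
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "bearshare net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "GNUTELLA" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "GNUTELLA/0.6" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "GNUTELLA CONNECT/0.6" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "WARNING : You have a lowid." $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: gwebcache.bearshare.net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: loot.alumnigroup.org" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: 2z4u.de" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Referer: http://ed2k.2x4u.de/list.html" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://gwc1.nouiz.org/servlet/GWebCache/req" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://gwebcache.bearshare.net/gcache.php" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://node01.hewson.cns.ufl.edu:8080/ccpwcc.cgi" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://loot.alumnigroup.org:80///" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://www.xolox.nl/gwebcache" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://gwc1.mager.org:8081/GWebCache/req" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://krill.shacknet.nu:20095/gwc" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://crabcake.dynalias.net:9627/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://node01.hewson.cns.ufl.edu:8080/cpwc5.cgi" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://galvatron.dyndns.org:59009/gwcache" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://loot.alumnigroup.org/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://207.71.250.4/gcache/gcache.php" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://cache.mynapster.com/index.php" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://unknown.pingtime.com/gwebcache/gcache.php" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://gwebcache.bearshare.net/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://gwebcache.bearshare.net/gcache.php" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://starscream.dynalias.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://www.xolox.nl/gwebcache/default.asp" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://loot.alumnigroup.org:80/" $BLOCKED_DEV -j DROP
  # #WAREZCLIENT
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: adserver.warezclient.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: adserver.startnow.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: data.warezclient.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: www.warezclient.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: i.warez.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: w.warez.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: www.warez.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: ad.yieldmanager.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: music.download.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: adv.teamtalkmedia.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: cdn.fastclick.net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: media.fastclick.net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: a248.e.akamai.net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Host: adv.teamtalkmedia.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://ad.yieldmanager.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://ad.firstadsolution.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://www.warez.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://forum.warezclient.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://download.warezclient.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://content.warezclient.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://warez.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://music.download.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://www.appzplanet.com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://www.warezdownloads.info/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "http://katz.ws" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "action=http://search.warez.com/" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "Referer: http://www.warez.com/ " $BLOCKED_DEV -j DROP
  # Applejuice
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "download.berlios.de" $BLOCKED_DEV -j DROP
  # Kazza_Protokoll_Block
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP -m string --string "X-Kazaa-IP:" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP -m string --string "X-Kazaa-IP:" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p TCP -m string --string "X-Kazaa-SupernodeIP:" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -p UDP -m string --string "X-Kazaa-SupernodeIP:" $BLOCKED_DEV -j DROP
  # WinMX
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www winmx com" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www.winmx.com" $BLOCKED_DEV -j DROP
  # eMule
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www.emule.de" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www.emule.net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www.emule.org" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "emule-serverlist" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "webservice.emuleforum.net" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www.emule" $BLOCKED_DEV -j DROP
  $IPT -A p2p_FORWARD -i $RED_DEVICE -m string --string "www.divxcommunity.de" $BLOCKED_DEV -j DROP
  echo "p2p started..."
  ;;
###########################################################################################
stop)
  # Tear down in dependency order: empty the chains, reset their counters,
  # remove the jumps that reference them, then delete the chains (-X only
  # succeeds on an empty, unreferenced chain).
  # printf replaces "echo -e ...\c": under a strict POSIX /bin/sh, echo does
  # not understand -e and would print it literally.
  printf '%s' "Deleting all rules in chain.............."
  $IPT -F p2p_FORWARD
  $IPT -F p2p_INPUT
  sleep 1
  echo "Done !"
  printf '%s' "Zero counters in chain..................."
  $IPT -Z p2p_FORWARD
  $IPT -Z p2p_INPUT
  sleep 1
  echo "Done !"
  printf '%s' "Deleting rule from chain................."
  $IPT -D CUSTOMFORWARD -j p2p_FORWARD
  $IPT -D CUSTOMINPUT -j p2p_INPUT
  sleep 1
  echo "Done !"
  printf '%s' "Deleting user-defined chain.............."
  $IPT -X p2p_FORWARD
  $IPT -X p2p_INPUT
  sleep 1
  echo "Done !"
  ;;
###########################################################################################
restart)
  # Re-run this script; "$0" is quoted so an install path containing spaces
  # still resolves to a single command word.
  "$0" stop
  "$0" start
  echo "Rules Reloaded..."
  ;;
###########################################################################################
*)
  # Reached for any other argument, including none. The rc.local line shown
  # in the INSTALL notes calls the script without an argument, which lands
  # here and loads no rules; the non-zero status makes that visible.
  echo "Usage: $0 {start|stop|restart}"
  exit 1
  ;;
esac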