[Shorewall-users] How to make Shorewall and IPP2P work together

Horst Graffy horst.graffy at wiesbaden.netsurf.de
Fri Mar 12 12:28:15 PST 2004


Hi Przemek,

I've integrated ipp2p in my shorewall setup:

in /etc/shorewall/start (create the file if not there)

#######
# ipp2p
#######
echo -n "    starting ipp2p   "

# ipp2p for appleJuice
echo -n "(appleJuice) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --apple  -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --apple  -j LOG --log-level 6 --log-prefix "ipp2p: appleJuice-traffic "

# ipp2p for dc
echo -n "(DC) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --dc    -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --dc    -j LOG --log-level 6 --log-prefix "ipp2p: dc-traffic "

# ipp2p for gnutella
echo -n "(gnutella) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --gnu   -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --gnu   -j LOG --log-level 6 --log-prefix "ipp2p: gnutella-traffic "

# ipp2p for eDonkey
echo -n "(eDonkey) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --edk   -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --edk   -j LOG --log-level 6 --log-prefix "ipp2p: eDonkey-traffic "

# ipp2p for kazaa
echo -n "(kazaa) "
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --kazaa -j DROP
/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --kazaa -j LOG --log-level 6 --log-prefix "ipp2p: kazaa-traffic "

# ipp2p for BitTorrent (allowed ;)
echo -n "(BitTorrent) "
#/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --bit    -j DROP
#/usr/sbin/iptables -I FORWARD -p tcp -m ipp2p --bit    -j LOG --log-level 6 --log-prefix "ipp2p: BitTorrent-traffic "

echo ""
echo "    ipp2p started"

and in /etc/shorewall/modules

# ipp2p (p2p Traffic)
    loadmodule ipp2p

works like a charm ;))

I don't use the connmark stuff at the moment, because I have not found the 
time to recompile my kernel

hope this helps
Toni
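
An added example, not part of the original post: a dry-run sketch of why each DROP in the script above is inserted before its LOG. Every `-I FORWARD` lands at the head of the chain, so the rule inserted second ends up first. The function names `ipp2p_pair`, `resulting_chain` and `blocked_rules` are hypothetical, and nothing here calls iptables.

```shell
#!/bin/sh
# Added example: prints the commands from the post and models the chain.
# It never runs iptables, so it is safe on any machine.

IPT=/usr/sbin/iptables   # path used in the post

# Print the two commands for one ipp2p option ($1) and log label ($2).
# DROP is emitted first on purpose: each -I lands at the head of FORWARD,
# so the LOG rule inserted second ends up above the DROP rule.
ipp2p_pair() {
    printf '%s -I FORWARD -p tcp -m ipp2p --%s -j DROP\n' "$IPT" "$1"
    printf '%s -I FORWARD -p tcp -m ipp2p --%s -j LOG --log-level 6 --log-prefix "ipp2p: %s-traffic "\n' "$IPT" "$1" "$2"
}

# Model head insertion: read commands on stdin in execution order and
# print the resulting chain, top to bottom, as "<option> <target>" lines.
resulting_chain() {
    chain=""
    while read -r line; do
        opt=$(printf '%s\n' "$line" | sed -n 's/.*-m ipp2p --\([a-z]*\) .*/\1/p')
        tgt=$(printf '%s\n' "$line" | sed -n 's/.* -j \([A-Z]*\).*/\1/p')
        chain="$opt $tgt
$chain"
    done
    printf '%s' "$chain"
}

# Options blocked in the post (BitTorrent, --bit, is left out as there).
blocked_rules() {
    ipp2p_pair apple appleJuice
    ipp2p_pair dc dc
    ipp2p_pair gnu gnutella
    ipp2p_pair edk eDonkey
    ipp2p_pair kazaa kazaa
}

# Show the modelled chain order: every LOG sits directly above its DROP.
blocked_rules | resulting_chain
```

Swapping the two `printf` lines in `ipp2p_pair` puts DROP above LOG in the modelled chain, which on a real firewall would drop the packet before it is ever logged.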

