dzelde

asked on

How to deny any file sharing like dc++ with ipfw?

I have a FreeBSD box where I use bridge + NAT + DHCP etc., but sometimes I need to block DC++, Kazaa, LimeWire and all other file sharing programs so that other users can use the Internet bandwidth for other purposes...

Please, could someone write what rule I should add to ipfw to deny file sharing?


Martins.
ahoffmann

no proper syntax handy for ipfw, but should be very similar to that of iptables:

iptables -A FORWARD -p tcp --dport 1214 -j REJECT  # KaZaA
iptables -A FORWARD -p tcp -m multiport --dports 4661,4662,4663,4664,4665 -j REJECT  # eDonkey
iptables -A FORWARD -p tcp -m multiport --dports 6346,6347 -j REJECT  # Gnutella, LimeWire (not sure)

ipfw might look like:
ipfw add deny log tcp from any to any 6346,6347
Or you can use traffic shaping, where pf and altq perform better than ipfw2 and dummynet.
dzelde

ASKER

Currently I am trying to understand how I might do that using dummynet, because I have never tried pf and altq, but I will try that.

Maybe someone knows the syntax for dummynet?
Will pf help?
dzelde

ASKER

Well, it will take some time to move to pf, so currently I am using dummynet. I would really appreciate it if someone would tell me how to restrict DC++ with ipfw or dummynet.

Because DC++ is using many ports and closing only a few might not control it completely. Those peer-to-peer connections use many ports, don't they?
Snort detects some, and resets connections via flexresp.
IP/port blacklists will not do.

ipfw add deny tcp from any to any 1214 via fxp0 out (where fxp0 is the outbound interface)

Try to filter ports 23956, 1080 and 8081 in the above form.
dzelde

ASKER

I am sure that an IP/port blacklist will not work. I would look into Snort resetting connections via flexresp, but gheist said that Snort detects only some... Isn't there a way to do it for sure?

dzelde
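
The dummynet syntax asked about in the thread, as an added example that is not part of any post: a dry-run script that prints an ipfw pipe and the rules sending the ports quoted above through it. The interface fxp0 comes from the thread; the 64Kbit/s cap, pipe 1 and rule number 1000 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: fxp0 is the outbound
# interface (as in the thread); the 64Kbit/s cap, pipe 1 and rule number
# 1000 are arbitrary; dummynet is loaded (kldload dummynet).
OUT_IF="fxp0"
P2P_BW="64Kbit/s"
# Default ports quoted in the thread: Kazaa, eDonkey, Gnutella/LimeWire.
P2P_PORTS="${P2P_PORTS:-1214,4661-4665,6346,6347}"

# Check the list before touching the firewall: a typo would otherwise make
# ipfw abort halfway and leave a partly loaded ruleset.
valid_ports() {
    case "$1" in
        ""|*[!0-9,-]*|,*|*,|*,,*) return 1 ;;
    esac
    for item in $(echo "$1" | tr ',' ' '); do
        lo=${item%%-*}
        hi=${item##*-}
        [ -n "$lo" ] && [ -n "$hi" ] || return 1
        # Reject items with more than one dash, e.g. 1-2-3.
        [ "$item" = "$lo" ] || [ "$item" = "$lo-$hi" ] || return 1
        [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    done
    return 0
}

# Print the ipfw commands: one shared pipe, then rules that push traffic to
# and from the listed remote ports through it instead of dropping it.
build_rules() {
    valid_ports "$P2P_PORTS" || { echo "bad port list: $P2P_PORTS" >&2; return 1; }
    echo "ipfw pipe 1 config bw $P2P_BW"
    for proto in tcp udp; do
        echo "ipfw add 1000 pipe 1 $proto from any to any $P2P_PORTS out via $OUT_IF"
        echo "ipfw add 1000 pipe 1 $proto from any $P2P_PORTS to any in via $OUT_IF"
    done
}

# Dry run by default; APPLY=1 feeds the commands to sh (run as root).
rules=$(build_rules) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh -e
else
    echo "$rules"
fi
```

As the posters note, port matching only catches clients left on their default ports. Rule 1000 has to sit before any allow rule that would match the same traffic.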
ASKER CERTIFIED SOLUTION
GhostMod