New on LowEndTalk? Please Register and read our Community Rules.
Comments
Realistically, the only thing I can think of is iptables with DPI rules (if that even exists) and drop TCP headers that have a distinct torrent signature. I'm not sure if iptables does it out of the box or whether there are modules that do that for you...
EDIT: Yes, turns out there is. It's called nDPI, which can be found here
https://www.ntop.org/products/deep-packet-inspection/ndpi/
I've installed nDPI, any idea how to use it? Found one way that is supposed to work, adding these rules to iptables:
iptables -t mangle -A PREROUTING -m ndpi --all
iptables -t mangle -A PREROUTING -m ndpi --bittorrent -j DROP
iptables -t mangle -A PREROUTING -m ndpi --unknown
iptables -t mangle -A POSTROUTING -m ndpi --all
iptables -t mangle -A POSTROUTING -m ndpi --bittorrent -j DROP
iptables -t mangle -A POSTROUTING -m ndpi --unknown
Doesn't seem to work well.
Yeah, from my research, with nDPI you do need to install the netfilter-ndpi extensions for it to work.
That part I've never tried myself, but of course, try setting it up on a development VM and see where it goes from there.
Deep packet inspection doesn't help much, as most traffic is encrypted anyway.
Therefore the given rules don't help much anymore, from my experience; that's simply outdated ;-)
What might do a bit better is to block well-known P2P-related IPs, like those of trackers. https://www.iblocklist.com/lists provides some useful lists to use with e.g. ipset, but it's a tenner per year.
This still might not block P2P traffic completely, as users might already have a list of peers in their client which won't be blocked and could continue to communicate.
So the only real thing that works with a somewhat sufficient result will be whitelisting IPs and/or ports. For the latter, remember that most torrent clients are configurable and may even use port 80/443, so anyway it's not a task that's done easily or with a guaranteed positive result.
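One way to act on the ipset suggestion above, as an added example that is not from the thread: a small POSIX shell converter that turns an iblocklist-style P2P list (`Name:first-last` per line) into an `ipset restore` script and prints the iptables rules that drop traffic to and from the set. The set name `p2p_block` and the sample list lines are constructed assumptions, not real list data.

```shell
#!/bin/sh
# Added example (not from the thread): convert an iblocklist-style P2P
# blocklist ("Name:first-last" per line) into an "ipset restore" script,
# then attach the set to iptables so matching trackers/peers are dropped.
# The set name is an assumption.
SET_NAME="p2p_block"

# Constructed sample in the P2P format (NOT real list data; the ranges are
# documentation networks from RFC 5737).
SAMPLE_P2P='# comment line, must be skipped
Example Tracker Range:192.0.2.10-192.0.2.20
Example Peer Block:198.51.100.0-198.51.100.255
Malformed line without range
Another Range:203.0.113.5-203.0.113.5'

# Emit an "ipset restore" script on stdout. Comment lines, empty lines and
# lines that do not end in "a.b.c.d-e.f.g.h" are skipped (reported on stderr).
# hash:net accepts an IP range and splits it into CIDR blocks itself.
p2p_to_ipset_restore() {
    printf 'create %s hash:net family inet hashsize 4096 maxelem 262144\n' "$SET_NAME"
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        range=${line##*:}                 # text after the last ':'
        case "$range" in
            *.*.*.*-*.*.*.*) printf 'add %s %s\n' "$SET_NAME" "$range" ;;
            *) printf 'skipping: %s\n' "$line" >&2 ;;
        esac
    done
}

# Number of "add" entries the converter produced for a given list.
count_entries() {
    p2p_to_ipset_restore "$1" 2>/dev/null | grep -c '^add '
}

# Rules that use the set. Printed rather than executed so the example runs
# unprivileged; pipe the output to sh on the firewall host.
firewall_rules() {
    printf 'iptables -I INPUT   -m set --match-set %s src -j DROP\n' "$SET_NAME"
    printf 'iptables -I OUTPUT  -m set --match-set %s dst -j DROP\n' "$SET_NAME"
    printf 'iptables -I FORWARD -m set --match-set %s dst -j DROP\n' "$SET_NAME"
}
```

On the firewall host, load the set with `p2p_to_ipset_restore "$(zcat list.gz)" | ipset -exist restore` (`-exist` makes re-runs idempotent) and then apply `firewall_rules | sh`; the lists from iblocklist.com are distributed gzipped.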