ipchains filter - am i doing this right? (Sorry)

Post by Dan Johns » Sun, 02 Dec 2001 04:02:28



I apologize for the previous gibberish post...

Hello! I'm trying to filter out kazaa on my firewall. The users behind
it are consuming all of my bandwidth. I set up an ipchains script
rejecting some "popular" non-essential ports, but when I list the masq
activity it shows that machines are still connecting to port 1214. Are
they really or are they trying?

My ghetto ipchains script:

# Morpheus - Kazaa
ipchains  -A output  -p udp -s 0/0 --destination-port 1214 -j REJECT
ipchains  -A output  -p tcp -s 0/0 --destination-port 1214 -j REJECT
ipchains  -A input  -p udp -s 0/0 --destination-port 1214 -j REJECT
ipchains  -A input  -p tcp -s 0/0 --destination-port 1214 -j REJECT
etc...

"ipchains -L -M" Information

TCP  10:09.51 192.168.0.159  somecomputer.location       1436 (61882) -> 1214
UDP  01:49.29 192.168.0.166  mydns.mydomain.com          2379 (61981) -> domain
TCP  14:23.05 192.168.0.159  someothercomputer.location  1031 (64380) -> 1214
UDP  04:00.84 192.168.0.192  awebsite.somewhere.com      1096 (62239) -> www
etc...

It appears they're still connecting to port 1214. Am I doing something
wrong or am I misunderstanding the "ipchains -L -M" information?

Thanks!

 
 
 

ipchains filter - am i doing this right? (Sorry)

Post by DarkStor » Sun, 02 Dec 2001 04:14:30


Those could be remnants of connections. I've shut machines down and saw no
activity lights, yet some connects were still listed... The best way to know
for sure is to try Morpheus yourself and see if it works.

Right now I'm trying to find iptables statements that do bandwidth limiting
in conjunction with shaper, that might be a better alternative than blocking
it altogether.


> I apologize for the previous gibberish post...

> Hello! I'm trying to filter out kazaa on my firewall. The users behind
> it are consuming all of my bandwidth. I set up an ipchains script
> rejecting some "popular" non-essential ports, but when I list the masq
> activity it shows that machines are still connecting to port 1214. Are
> they really or are they trying?

> My ghetto ipchains script:

> # Morpheus - Kazaa
> ipchains  -A output  -p udp -s 0/0 --destination-port 1214 -j REJECT
> ipchains  -A output  -p tcp -s 0/0 --destination-port 1214 -j REJECT
> ipchains  -A input  -p udp -s 0/0 --destination-port 1214 -j REJECT
> ipchains  -A input  -p tcp -s 0/0 --destination-port 1214 -j REJECT
> etc...

> "ipchains -L -M" Information

> TCP  10:09.51 192.168.0.159  somecomputer.location       1436 (61882) -> 1214
> UDP  01:49.29 192.168.0.166  mydns.mydomain.com          2379 (61981) -> domain
> TCP  14:23.05 192.168.0.159  someothercomputer.location  1031 (64380) -> 1214
> UDP  04:00.84 192.168.0.192  awebsite.somewhere.com      1096 (62239) -> www
> etc...

> It appears they're still connecting to port 1214. Am I doing something
> wrong or am I misunderstanding the "ipchains -L -M" information?

> Thanks!
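
One way to tell live port-1214 traffic from leftover masquerade entries, as raised in the two posts above (an added example, not code from either poster): take two "ipchains -L -M" listings a known number of seconds apart and check whether each entry's timer was reset. It assumes the second column is the time left before the entry expires and that a packet using the entry resets it; the function names and both sample listings are constructed for illustration.

```python
import re

# One entry of "ipchains -L -M": prot expire source destination lport (mport) -> rport.
# \s+ also matches newlines, so entries wrapped over two lines still parse.
ENTRY = re.compile(
    r"(TCP|UDP)\s+(\d+):(\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+\((\d+)\)\s+->\s+(\S+)")

def parse_masq(listing):
    """Map (prot, source, destination, local port, remote port) to seconds until expiry."""
    entries = {}
    for m in ENTRY.finditer(listing):
        prot, mins, secs, src, dst, lport, _mport, rport = m.groups()
        entries[(prot, src, dst, lport, rport)] = int(mins) * 60 + float(secs)
    return entries

def classify(earlier, later, elapsed, port="1214", slack=2.0):
    """Label each entry to `port` in the later snapshot as new, refreshed or idle.

    Assumption: the expire column counts down and is reset when a packet uses the entry.
    """
    verdicts = {}
    for key, expiry in later.items():
        if key[4] != port:
            continue
        if key not in earlier:
            verdicts[key] = "new"        # created between the two snapshots
        elif expiry > earlier[key] - elapsed + slack:
            verdicts[key] = "refreshed"  # timer was reset: packets are still passing
        else:
            verdicts[key] = "idle"       # timer only ran down: likely a remnant
    return verdicts

# Constructed sample listings in the format shown in the post (second one 60 s later).
SNAP1 = """TCP  10:09.51 192.168.0.159        somecomputer.location    1436
(61882) -> 1214
UDP  01:49.29 192.168.0.166        mydns.mydomain.com   2379 (61981)
-> domain
TCP  14:23.05 192.168.0.159        someothercomputer.location 1031
(64380) -> 1214"""
SNAP2 = """TCP  09:09.60 192.168.0.159  somecomputer.location       1436 (61882) -> 1214
TCP  14:58.10 192.168.0.159  someothercomputer.location  1031 (64380) -> 1214
TCP  14:59.90 192.168.0.159  athirdcomputer.location     1502 (61990) -> 1214"""

if __name__ == "__main__":
    verdicts = classify(parse_masq(SNAP1), parse_masq(SNAP2), elapsed=60)
    for key, verdict in verdicts.items():
        print(verdict, *key)
```

Entries reported as "refreshed" or "new" mean traffic to port 1214 is getting through the rules; entries that are only "idle" will drop out of the listing once their timers run down.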


 
 
 
