How To Block The Gnutella Protocol Using A Linux Firewall
Gnutella (which is pronounced "noo tella") is a peer-to-peer networking protocol used for file sharing without reliance on a central server.
This page describes how to identify or block P2P clients such as LimeWire, BearShare, Shareaza, Gnucleus, Gtk-Gnutella, Acquisitionx, Poisoned, Mutella, Phex, Qtella, Gnotella, XNap and CocoGnut (all of which use the Gnutella protocol) using a Linux firewall.
The solution presented here uses Linux's iptables, extended with the Rope match module, which lets you write in-kernel scripts for protocol identification. If you haven't met Rope before, see Basics for an introduction.
Using Iptables And Rope
If your Linux firewall is not yet "Rope enabled", you will first need to build the Rope module into the kernel and add its match extension to the iptables utility. See Building for information on obtaining or building the Rope software.
Once the script is installed in an iptables chain, it inspects the data payload of each packet passed to it and returns a "true" match if the packet is Gnutella traffic. A packet is identified as a Gnutella packet if its payload matches the syntax of the Gnutella protocol.
You install the script into a chain with the "iptables" command, for example:

iptables -A FORWARD \
    -m rope \
    --rope-script gnutella \
    -j DROP
The rope match only classifies the payload; everything else in the rule is ordinary iptables, so you can make the match more specific by testing for the input or output interface, source or destination IP address and so on with the normal iptables options. Note that a rule in the FORWARD chain only affects traffic routed through the firewall, not connections made by the firewall host itself, which would need matching rules in the INPUT and OUTPUT chains.
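The following script is an added example and is not part of the original page or the Rope project. It shows a deployment of the rule above that a practitioner would typically prefer: a dedicated chain that logs (rate-limited) before dropping, so matches can be verified, with the rope match restricted to the LAN interface and subnet. It assumes the rope module and its "gnutella" script are installed as described above; the interface name and subnet are placeholders, and the rule emitter works as a dry run so the generated commands can be inspected before applying them as root.

```shell
#!/bin/sh
# Added example (not from the original Rope page). Assumes the rope match
# module and its "gnutella" script are installed as the page describes.
# Interface and subnet values passed in are placeholders chosen by the admin.

# Print the iptables commands for blocking Gnutella traffic forwarded from
# a LAN interface/subnet. Nothing is executed here; see apply_gnutella_rules.
gnutella_rules() {
    lan_if="$1"      # e.g. eth1 (placeholder)
    lan_net="$2"     # e.g. 192.168.1.0/24 (placeholder)
    cat <<EOF
iptables -N GNUTELLA 2>/dev/null || iptables -F GNUTELLA
iptables -A GNUTELLA -m limit --limit 5/min -j LOG --log-prefix "gnutella: "
iptables -A GNUTELLA -j DROP
iptables -D FORWARD -i $lan_if -s $lan_net -m rope --rope-script gnutella -j GNUTELLA 2>/dev/null || true
iptables -A FORWARD -i $lan_if -s $lan_net -m rope --rope-script gnutella -j GNUTELLA
EOF
}

# Return 0 if the iptables binary on this host knows the rope match
# extension (iptables prints the extension's help when it can load it).
rope_available() {
    iptables -m rope --help >/dev/null 2>&1
}

# Apply the generated rules. Refuses to run without root or without the
# rope extension, so a misconfigured host fails loudly instead of silently
# passing Gnutella traffic.
apply_gnutella_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_gnutella_rules: must run as root" >&2
        return 1
    fi
    if ! rope_available; then
        echo "apply_gnutella_rules: iptables rope match not available" >&2
        return 1
    fi
    gnutella_rules "$1" "$2" | sh -e
}

# Command-line use: "show IF NET" prints the rules, "apply IF NET" installs them.
case "${1:-}" in
    show)  gnutella_rules "$2" "$3" ;;
    apply) apply_gnutella_rules "$2" "$3" ;;
esac
```

Run `sh block.sh show eth1 192.168.1.0/24` to review the rules, then `apply` as root. Once installed, `iptables -L GNUTELLA -v -n` shows the match counters and the kernel log carries lines prefixed "gnutella: " for the first few matches per minute, which is the quickest way to confirm that the rope script is classifying traffic before you rely on the DROP.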
- http://www.digitage.co.uk/rope/BlockingBittorrent - Blocking Bittorrent
- http://www.digitage.co.uk/digitage/software/p2pwall - Blocking Kazaa, WinMX, OpenNAP