How To Block The Gnutella Protocol Using A Linux Firewall

Gnutella (which is pronounced "noo tella") is a peer-to-peer networking protocol used for file sharing without reliance on a central server.

This page describes how to identify or block P2P clients such as LimeWire, BearShare, Shareaza, Gnucleus, Gtk-Gnutella, Acquisitionx, Poisoned, Mutella, Phex, Qtella, Gnotella, XNap and CocoGnut (all of which use the Gnutella protocol) using a Linux firewall.

The solution presented here uses Linux's iptables, extended with the Rope module, which makes it possible to write in-kernel scripts for protocol identification. If you haven't met Rope before, see Basics for an introduction.

Using Iptables And Rope

If your Linux firewall is not "Rope enabled", you will first need to install the Rope module into the kernel and the iptables utility. See Building for information on obtaining or building the Rope software.

Once Rope is installed in your firewall, copy the gnutella.rope script over to it and compile it (see Compiling). Place the compiled script into the folder /etc/rope.d/scripts.

If you install the script into an iptables chain, it inspects the data payload of each packet passed to it and returns a "true" (match) state if the packet matches. Packets are identified as Gnutella packets if they contain data matching the syntax:

GNUTELLA CONNECT/digit(s).digit(s)\r\n
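To make the matching rule concrete, here is an added Python example (not part of the original page and not Rope's own script) that applies the same syntax to sample packet payloads. The payloads are constructed for the example, and the matcher is assumed to anchor at the start of the payload, which is where a Gnutella connect line appears in the client's first data segment; the page itself only says the packet must "contain" matching data.

```python
import re

# The page's syntax: GNUTELLA CONNECT/digit(s).digit(s)\r\n
# Assumption: the line is anchored at the start of the payload (\A), since
# the connect request is the first thing the client sends. Drop the \A if
# you need the looser "anywhere in the payload" reading.
GNUTELLA_CONNECT = re.compile(rb"\AGNUTELLA CONNECT/(\d+)\.(\d+)\r\n")


def is_gnutella_connect(payload: bytes) -> bool:
    """Return True if the payload matches the Gnutella connect syntax."""
    return GNUTELLA_CONNECT.match(payload) is not None


def gnutella_version(payload: bytes):
    """Return (major, minor) from the connect line, or None if no match."""
    m = GNUTELLA_CONNECT.match(payload)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


# Constructed sample payloads (not captured traffic), chosen to show both
# a clean match and the edge cases the rule must not match.
SAMPLES = [
    ("connect 0.6",      b"GNUTELLA CONNECT/0.6\r\nUser-Agent: Example\r\n\r\n"),
    ("connect 0.4",      b"GNUTELLA CONNECT/0.4\r\n"),
    ("bare LF only",     b"GNUTELLA CONNECT/0.6\n"),            # no \r\n
    ("lowercase",        b"gnutella connect/0.6\r\n"),          # case differs
    ("missing version",  b"GNUTELLA CONNECT/\r\n"),             # no digits
    ("http request",     b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    ("empty payload",    b""),
]


def classify(samples=SAMPLES):
    """Map each sample name to the match decision, as a firewall rule would."""
    return {name: is_gnutella_connect(payload) for name, payload in samples}


if __name__ == "__main__":
    for name, matched in classify().items():
        print(f"{name:16s} -> {'DROP' if matched else 'pass'}")
```

Only the two well-formed connect lines match; a missing carriage return, a case change or a missing version number all fall through, which is the precision you want before attaching a DROP target to the rule.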

You install the script into a chain with the "iptables" command, for example:

iptables -A FORWARD \
    -m rope \
    --rope-script gnutella \
    -j DROP

You can make the match more specific by also testing the input or output interface, IP address, etc., using the normal iptables options.
