Blocking BitTorrent

[r00igev@@r]

Any good ideas on stopping BitTorrent on debian buster

I'm trying this but it doesn't seem to work!

# Block BitTorrent file
iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
# Block BitTorrent Distributed Hash Table (DHT) keywords
iptables -A FORWARD -m string --algo kmp --string "find_node" -j DROP
iptables -A FORWARD -m string --algo kmp --string "info_hash" -j DROP
iptables -A FORWARD -m string --algo kmp --string "get_peers" -j DROP
iptables -A FORWARD -m string --algo kmp --string "announce_peers" -j DROP

 

[Speedster]

sudo apt remove transmission-common

 

[Herr der Verboten]

Any good ideas on stopping BitTorrent on debian buster

I'm trying this but it doesn't seem to work!

pay your sabc license?

 

[SauRoNZA]

Your going to need a bit of deep packet inspection to block it at a network layer.

Far easier to simply block the applications from running on managed devices.

 

[ArmatageShanks]

I assume its your network

So:

 

[r00igev@@r]

Your going to need a bit of deep packet inspection to block it at a network layer.

Far easier to simply block the applications from running on managed devices.

I have a dpi engine but need to write/modify code in python to implement an IPSET block. Might as well start but was hoping there was an easy workaround that I haven't thought about.

 

[ubercal]

Any good ideas on stopping BitTorrent on debian buster

I'm trying this but it doesn't seem to work!

get a proper firewall with deep packet inspection blah blah blah and its easy

 

[r00igev@@r]

get a proper firewall with deep packet inspection blah blah blah and its easy

That's no fun. This is the Linux thread and only bash is acceptable.

But I am getting one of these from the Swedes. https://www.clavister.com/products/ngfw/netwall-desktop-models/

Would have preferred a blonde...

 

[deweyzeph]

Although it doesn't really help the OP, I find that the IDS/IPS on the Ubiquiti UDM Pro is exceptionally good at blocking torrent and tor connections.

 

[ArmatageShanks]

Why not just block the offending Device.

 

[PPLdude]

Any good ideas on stopping BitTorrent on debian buster

I'm trying this but it doesn't seem to work!

You sure you don't have rules before those that would permit the traffic?

 

[r00igev@@r]

You sure you don't have rules before those that would permit the traffic?

Excellent - I should have used -I & 1 as there was a whole bunch of stuff there from firewalld.

Now just to limit it to the LAN interface and see if I can reduce the rule to process less packets.

 

[r00igev@@r]

I spoke to the SD-WAN traffic analytics guys we use and they provided a linux agent that does dpi and then pumps the bittorent matches into IPSET. Unluckily its commercial but its works like the bomb.

 

[ubercal]

@r00igev@@r

 

[r00igev@@r]

@r00igev@@r

View attachment 1281184

Sies!