Block torrent and SMTP on Ubuntu Server

It is important to control the traffic that passes through our servers. As we all know, if we do not, the server will soon be suspended because of the copyright-infringement complaints that our clients' traffic attracts.

So I block and control torrent activity on my Ubuntu server with a combination of iptables and PeerGuardian. I start by defining a set of iptables string-match rules. Keep in mind what these rules can and cannot do: -m string searches the bytes of each individual packet for a fixed, case-sensitive pattern, so it catches plain-text tracker requests, the wire-protocol handshake and DHT queries, but not traffic that is encrypted (BitTorrent's protocol encryption, HTTPS trackers) or a pattern that happens to be split across two packets. The OUTPUT rules only affect traffic the server itself originates; the FORWARD rules are the ones that apply to VPN clients routed through the server.

root@VPN:~#

# HTTP tracker requests. The full GET line is specific to BitTorrent
# trackers, so these rules produce few false positives.
iptables -A OUTPUT -m string --algo bm --string "GET /announce?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /announce.php?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce.php?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape.php?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape.php?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape.php?passkey=" -j DROP
# Wire-protocol handshake: the byte 0x13 followed by "BitTorrent protocol".
# The hex form matches exactly those handshake bytes; the plain-string
# form matches the protocol name anywhere in a packet.
iptables -A OUTPUT -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j DROP
iptables -A FORWARD -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j DROP
iptables -A OUTPUT -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
# Tracker and DHT fields. "peer_id=" and "info_hash" appear in tracker
# requests; get_peers, announce_peer and find_node are the DHT (UDP)
# query names and appear as bencoded strings such as "9:get_peers".
iptables -A OUTPUT -m string --algo bm --string "peer_id=" -j DROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "info_hash" -j DROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "get_peers" -j DROP
iptables -A FORWARD -m string --algo bm --string "get_peers" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce_peer" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce_peer" -j DROP
iptables -A OUTPUT -m string --algo bm --string "find_node" -j DROP
iptables -A FORWARD -m string --algo bm --string "find_node" -j DROP
# Catch-alls. Because the match is a substring search over the whole
# packet, ".torrent", "torrent", "announce" and "BitTorrent" also drop
# ordinary web pages, feeds and downloads that merely contain the word.
# Expect false positives from these; remove them if clients report
# broken sites.
iptables -A OUTPUT -m string --algo bm --string ".torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "torrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce" -j DROP
iptables -A OUTPUT -m string --algo bm --string "BitTorrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
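The rules above are appended one at a time and drop silently, so a false positive from one of the catch-all patterns is hard to notice. The following is an added example, not part of the original article: it puts the same patterns into a dedicated chain in iptables-restore syntax with a rate-limited LOG in front of every DROP, and dry-runs each pattern against constructed sample payloads to show which patterns fire on genuine BitTorrent messages and which also fire on ordinary web traffic. The chain name TORRENT_BLOCK, the split into "specific" and "broad" lists and all sample payloads are my choices, not the article's.

```shell
#!/bin/sh
# Added example, not from the article: build the string-match rules as
# one chain (TORRENT_BLOCK is my name for it) in iptables-restore syntax
# and dry-run the patterns against constructed payloads before loading.

# Patterns that identify BitTorrent traffic with few false positives:
# tracker GET lines, the wire-protocol handshake and DHT query names.
SPECIFIC_PATTERNS='GET /announce?info_hash=
GET /scrape?info_hash=
GET /announce.php?info_hash=
GET /scrape.php?info_hash=
GET /announce.php?passkey=
GET /scrape.php?passkey=
BitTorrent protocol
info_hash
peer_id=
get_peers
announce_peer
find_node'

# Catch-alls the article also uses; they match ordinary web traffic too.
BROAD_PATTERNS='torrent
announce
BitTorrent'

# Emit an iptables-restore fragment: one chain hooked from FORWARD (VPN
# clients) and OUTPUT (the server itself). Every hit is logged, rate
# limited, before it is dropped, so false positives show up in the
# kernel log instead of silently breaking sessions.
emit_torrent_rules() {  # $1 = newline-separated pattern list
    echo '*filter'
    echo ':TORRENT_BLOCK - [0:0]'
    echo '-A FORWARD -j TORRENT_BLOCK'
    echo '-A OUTPUT -j TORRENT_BLOCK'
    printf '%s\n' "$1" | while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        printf '%s\n' "-A TORRENT_BLOCK -m string --algo bm --string \"$pat\" -m limit --limit 6/min -j LOG --log-prefix \"TORRENT_BLOCK: \""
        printf '%s\n' "-A TORRENT_BLOCK -m string --algo bm --string \"$pat\" -j DROP"
    done
    echo 'COMMIT'
}

# xt_string with --algo bm is a case-sensitive substring search over a
# single packet's bytes, which is exactly what grep -F does here.
payload_matches() {  # $1 = pattern, $2 = payload; exit 0 on match
    printf '%s' "$2" | grep -a -F -q -e "$1"
}

# First pattern from list $1 found in payload $2, or "none".
first_match() {
    found=$(printf '%s\n' "$1" | while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        if payload_matches "$pat" "$2"; then printf '%s\n' "$pat"; break; fi
    done)
    printf '%s\n' "${found:-none}"
}

# Constructed sample payloads (not captured traffic).
TRACKER_REQ='GET /announce?info_hash=%1a%2b%3c&peer_id=-TR2940-0123456789ab&port=51413 HTTP/1.1'
HANDSHAKE=$(printf '\023BitTorrent protocol')   # 0x13 + protocol name
DHT_QUERY='d1:ad2:id20:abcdefghij01234567899:info_hash20:mnopqrstuvwxyz123456e1:q9:get_peers1:t2:aa1:y1:qe'
BENIGN_REQ='GET /blog/why-we-dropped-torrent-support HTTP/1.1'
BENIGN_RSS='<channel><title>Release announcements</title></channel>'

# Stand-alone demo: which pattern set fires on which sample.
for name in TRACKER_REQ HANDSHAKE DHT_QUERY BENIGN_REQ BENIGN_RSS; do
    eval "payload=\$$name"
    printf '%-11s specific=%-26s broad=%s\n' "$name" \
        "$(first_match "$SPECIFIC_PATTERNS" "$payload")" \
        "$(first_match "$BROAD_PATTERNS" "$payload")"
done
```

Run the dry-run first: the DHT query is caught only by the specific patterns, while "torrent" and "announce" also drop an ordinary blog request and an RSS feed. When you are happy with the list, save the output of emit_torrent_rules to a file and load it once with iptables-restore --noflush so it is added to the existing ruleset; hits then appear in /var/log/kern.log with the TORRENT_BLOCK: prefix.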


If you have not blocked outbound SMTP yet, add these six rules. Bear in mind that they also stop mail the server itself sends (cron output, monitoring alerts); if you relay through a specific mail host, insert an ACCEPT rule for that host's address ahead of these. Using REJECT instead of DROP makes mail clients on the VPN fail immediately instead of hanging until the connection times out.

# Mail the server itself sends (OUTPUT) ...
iptables -A OUTPUT -p tcp --dport 25 -j DROP
iptables -A OUTPUT -p tcp --dport 465 -j DROP
iptables -A OUTPUT -p tcp --dport 587 -j DROP
# ... and mail sent by VPN clients routed through it (FORWARD)
iptables -A FORWARD -p tcp --dport 25 -j DROP
iptables -A FORWARD -p tcp --dport 465 -j DROP
iptables -A FORWARD -p tcp --dport 587 -j DROP
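Both rule sets above drop silently, so nothing tells you which VPN client is the one attracting complaints. If you place a LOG target in front of the DROP rules (an assumption: the article's rules as written log nothing), the kernel log records every hit. The following added example, not from the original article, summarises such log lines per source address and per destination port. The log prefixes TORRENT_BLOCK: and SMTP_BLOCK:, the interface name tun0 and every log line are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the article: summarise iptables LOG hits so
# you can see which VPN client is tripping the torrent and SMTP rules.
# Assumes LOG rules with prefixes "TORRENT_BLOCK: " and "SMTP_BLOCK: "
# in front of the DROPs. All log lines below are constructed, not real.

SAMPLE_LOG='Mar 10 09:12:01 VPN kernel: [8812.100] TORRENT_BLOCK: IN=tun0 OUT=eth0 SRC=10.8.0.6 DST=203.0.113.40 LEN=180 TOS=0x00 PREC=0x00 TTL=63 ID=4411 DF PROTO=TCP SPT=51413 DPT=6881 WINDOW=229 RES=0x00 ACK PSH URGP=0
Mar 10 09:12:03 VPN kernel: [8814.221] TORRENT_BLOCK: IN=tun0 OUT=eth0 SRC=10.8.0.6 DST=198.51.100.7 LEN=128 TOS=0x00 PREC=0x00 TTL=63 ID=4412 PROTO=UDP SPT=6881 DPT=6881 LEN=108
Mar 10 09:12:05 VPN kernel: [8816.005] SMTP_BLOCK: IN=tun0 OUT=eth0 SRC=10.8.0.9 DST=192.0.2.25 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9001 DF PROTO=TCP SPT=40012 DPT=25 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 10 09:12:09 VPN kernel: [8820.412] TORRENT_BLOCK: IN=tun0 OUT=eth0 SRC=10.8.0.9 DST=203.0.113.41 LEN=200 TOS=0x00 PREC=0x00 TTL=63 ID=9002 DF PROTO=TCP SPT=50100 DPT=80 WINDOW=229 RES=0x00 ACK PSH URGP=0
Mar 10 09:12:10 VPN kernel: [8821.000] TORRENT_BLOCK: IN= OUT=eth0 SRC=203.0.113.2 DST=203.0.113.40 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=77 DF PROTO=TCP SPT=44000 DPT=6881 WINDOW=229 RES=0x00 ACK PSH URGP=0
Mar 10 09:12:11 VPN sshd[2201]: Accepted publickey for root from 198.51.100.9 port 50222 ssh2'

# Hits per source address for one log prefix, reading the log on stdin.
# IN= is empty for packets the server itself sent (OUTPUT chain), so
# those are labelled "local" rather than blamed on a client.
hits_by_source() {  # $1 = log prefix without the trailing colon
    awk -v pfx="$1:" '
        index($0, pfx) {
            split("", kv)                       # clear the key=value map
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq > 1) kv[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            }
            via = (kv["IN"] == "") ? "local" : kv["IN"]
            n[kv["SRC"] " " via]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -k1,1nr -k2,2
}

# Protocol/port pairs one source was reaching, for a quick look at what
# it was doing (6881 is the usual BitTorrent port, 25 is SMTP).
ports_hit() {  # $1 = log prefix, $2 = source address; reads log on stdin
    awk -v pfx="$1:" -v src="SRC=$2" '
        index($0, pfx) && index($0, " " src " ") {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt = substr($i, 5)
            }
            n[proto "/" dpt]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone demo on the constructed log.
echo "torrent hits per source:"
printf '%s\n' "$SAMPLE_LOG" | hits_by_source TORRENT_BLOCK
echo "ports 10.8.0.6 was reaching:"
printf '%s\n' "$SAMPLE_LOG" | ports_hit TORRENT_BLOCK 10.8.0.6
```

On a live server run hits_by_source TORRENT_BLOCK < /var/log/kern.log. If the LOG rules are rate-limited with -m limit, the counts are lower bounds, which is fine for deciding which client to contact; map the VPN address back to a client through your VPN server's status log.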


Now list the rules to make sure all of the above were entered. -n skips the reverse DNS lookups that make the listing slow, -v shows packet counters so you can see which rules are being hit, and --line-numbers gives you the positions you need if you later want to delete or insert a rule:

root@VPN:~# iptables -L -n -v --line-numbers


At this point we need to make the rules persistent, so that iptables reloads them automatically after a reboot:

root@VPN:~# apt-get install iptables-persistent

The installer asks whether to save the current IPv4 and IPv6 rules; answer yes. Whenever you change the rules later, save them again by writing the output of iptables-save to /etc/iptables/rules.v4, otherwise the next reboot restores the old set. Note that everything above is IPv4 only: if your VPN hands out IPv6 addresses, mirror the rules with ip6tables (saved to /etc/iptables/rules.v6), or that traffic simply bypasses them.


The next step is the PeerGuardian (pgl) installation and configuration. python-software-properties is the package that provides add-apt-repository on older Ubuntu releases; on newer ones it is called software-properties-common. pglgui is the Qt desktop front end and is not needed on a headless server; pgld (the daemon) and pglcmd (its control script) are enough:

root@VPN:~# apt-get install python-software-properties

root@VPN:~# add-apt-repository ppa:jre-phoenix/ppa

root@VPN:~# apt-get update

root@VPN:~# apt-get install pgld pglcmd pglgui


Note: PeerGuardian starts automatically as soon as it is installed and begins blocking once its lists are downloaded. Make sure the address you are administering the server from is not on one of the lists (or whitelist it with WHITE_IP_IN and WHITE_IP_OUT in pglcmd.conf), or you can lock yourself out of your SSH session.

Now edit your PeerGuardian configuration file:

root@VPN:~# nano /etc/pgl/pglcmd.conf


Set these five variables and save the file (the port names in WHITE_TCP_OUT are resolved through /etc/services):

INIT="1"                        # start pgld at boot
CRON="1"                        # refresh the blocklists daily from cron
LOG_SYSLOG="0"                  # do not log blocked packets to syslog
LOG_LOGFILE="0"                 # do not log them to pgl's own log file either
WHITE_TCP_OUT="https http ftp"  # never block the server's own outgoing HTTP, HTTPS and FTP

With both LOG_* settings off you have no record of what pgl blocked; on a server where you may need to troubleshoot a client complaint, leave LOG_SYSLOG="1" and search the syslog instead. WHITE_TCP_OUT only affects connections the server itself opens; VPN clients' traffic goes through the FORWARD chain and is still filtered.


Now, let's edit the PeerGuardian blocklist configuration:

root@VPN:~# nano /etc/pgl/blocklists.list


There are many predefined blocklists in this configuration file. Simply un-comment your preferred lists and save the file. Note that these lists are purely IP based: they stop traffic to and from the addresses of known monitoring and anti-piracy organisations, while the torrent protocol itself is what the iptables rules above block. I suggest you go with the following lists:

http://list.iblocklist.com/lists/bluetack/bogon

http://list.iblocklist.com/lists/bluetack/level-1

http://www.botrevolt.com/lists/Bot-Revolt-Exclusive

http://list.iblocklist.com/lists/tbg/primary-threats

As you can see, most of these blocklists are supplied by iBlocklist.com. They also offer many commercial lists for a small annual subscription fee; a subscription is recommended so that you can use their Anti-Infringement list.

Our configuration is finished now. Just restart PeerGuardian:

root@VPN:~# pglcmd restart


It takes a few seconds to download the lists, after which blocking starts automatically. To make sure it is working, ping the BBC website, whose addresses were in the enabled lists at the time of writing and so should be blocked:

root@VPN:~# ping bbc.co.uk


Instead of echo replies you get "Destination Port Unreachable": that ICMP error is how pgl reports a rejected packet, so PeerGuardian is configured properly and is blocking the addresses on the lists you enabled. If the ping succeeds instead, run pglcmd status to confirm that pgld is running and its lists were loaded before assuming the list contents have changed.

Finally, reboot the server and confirm that both rule sets came back: iptables -S should list the rules above, and pglcmd status should report pgld running with its lists loaded.
