it's very important to block and control the traffic that is passing through our servers. We all know, if we don't care, our servers would be suspended very soon due to many copyrights infringements from our clients.
So I'm trying to block and control torrent activities on my Ubuntu server using a combination of Iptables and PeerGaurdian. To do so, I simply start by defining many rules in Iptables as follows:
root@VPN:~#
iptables -A OUTPUT -m string --algo bm --string "GET /announce?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /announce.php?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce.php?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape.php?info_hash=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape.php?info_hash=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /announce.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "GET /scrape.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "GET /scrape.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j DROP
iptables -A FORWARD -m string --algo bm --hex-string "|13426974546f7272656e742070726f746f636f6c|" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A FORWARD -m string --algo bm --string "torrent" -j DROP
iptables -A FORWARD -m string --algo bm --string "announce" -j DROP
iptables -A FORWARD -m string --algo bm --string "info_hash" -j DROP
iptables -A FORWARD -m string --string "get_peers" --algo bm -j DROP
iptables -A FORWARD -m string --string "announce_peer" --algo bm -j DROP
iptables -A FORWARD -m string --string "find_node" --algo bm -j DROP
iptables -A OUTPUT -m string --algo bm --string "BitTorrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -A OUTPUT -m string --algo bm --string "peer_id=" -j DROP
iptables -A OUTPUT -m string --algo bm --string ".torrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -A OUTPUT -m string --algo bm --string "torrent" -j DROP
iptables -A OUTPUT -m string --algo bm --string "announce" -j DROP
iptables -A OUTPUT -m string --algo bm --string "info_hash" -j DROP
iptables -A OUTPUT -m string --string "get_peers" --algo bm -j DROP
iptables -A OUTPUT -m string --string "announce_peer" --algo bm -j DROP
iptables -A OUTPUT -m string --string "find_node" --algo bm -j DROP
If you still didn't block SMTP ports, go ahead and define these six rules:
iptables -A OUTPUT -p TCP --dport 25 -j DROP
iptables -A OUTPUT -p TCP --dport 465 -j DROP
iptables -A OUTPUT -p TCP --dport 587 -j DROP
iptables -A FORWARD -p TCP --dport 25 -j DROP
iptables -A FORWARD -p TCP --dport 465 -j DROP
iptables -A FORWARD -p TCP --dport 587 -j DROP
Now list your current Iptables rules to make sure all above mentioned rules are successfully entered:
root@VPN:~# iptables -L
At this moment we need to make all these rule persistent, so if we reboot the server, Iptables automatically reloads them:
root@VPN:~# apt-get install iptables-persistent
Next step is PeerGaurdian installation and configuration:
root@VPN:~# apt-get install python-software-properties
root@VPN:~# add-apt-repository ppa:jre-phoenix/ppa
root@VPN:~# apt-get update
root@VPN:~# apt-get install pgld pglcmd pglgui
Note: Be aware of PeerGaurdian automatic start during installation.
Now edit your PeerGaurding configuration file:
root@VPN:~# nano /etc/pgl/pglcmd.conf
Add these five lines to your config and save the file:
INIT="1"
CRON="1"
LOG_SYSLOG="0"
LOG_LOGFILE="0"
WHITE_TCP_OUT="https http ftp"
Now, let's edit PeerGaurdian block list configuration:
root@VPN:~# nano /etc/pgl/blocklists.list
There are many predefined block lists in this configuration file. Simply un-comment your preferred lists and save the file. I suggest you to go on with following lists:
http://list.iblocklist.com/lists/bluetack/bogon
http://list.iblocklist.com/lists/bluetack/level-1
http://www.botrevolt.com/lists/Bot-Revolt-Exclusive
http://list.iblocklist.com/lists/tbg/primary-threats
As you notice, most of these block lists are supplying by iBlocklist.com. They have also many commercial lists available for an small annual subscription fee. Subscription to iBlocklist.com is recommended to have the opportunity to use their Anti-Infringement list.
Our configuration is finished now. Just restart your PeerGaurdian:
root@VPN:~# pglcmd restart
It takes a few seconds to update all lists and it would start automatically. To make sure it's working correctly, just ping BBC website since it's available in block list and should be blocked by default:
root@VPN:~# ping bbc.co.uk
You will face with "Destination Port Unreachable" as ping reply. It means your PeerGaurdian configured properly and blocks any suspicious Anti-infringement IP address out there.
Now reboot your server and make sure both Iptables and PeerGaurdian are working properly.
