https://briansnelson.com/index.php?action=history&feed=atom&title=How_to_Block_Bittorrent_Traffic_with_IPtablesHow to Block Bittorrent Traffic with IPtables - Revision history2026-06-04T07:59:51ZRevision history for this page on the wikiMediaWiki 1.24.1https://briansnelson.com/index.php?title=How_to_Block_Bittorrent_Traffic_with_IPtables&diff=816&oldid=prevBrian: /* Setup the IPtables Rules */2015-01-22T13:40:39Z<p><span dir="auto"><span class="autocomment">Setup the IPtables Rules</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:40, 22 January 2015</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>IPTABLES is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>IPTABLES is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>==Setup the IPtables Rules==</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">=</ins>==Setup the IPtables Rules<ins class="diffchange diffchange-inline">=</ins>==</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>To block Bittorrent traffic with IPTABLES you can edit /etc/sysconfig/iptables (CentOS) and include the following:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>To block Bittorrent traffic with IPTABLES you can edit /etc/sysconfig/iptables (CentOS) and include the following:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<!-- diff cache key briansne_wiki-wiki_:diff:version:1.11a:oldid:815:newid:816 -->
</table>Brianhttps://briansnelson.com/index.php?title=How_to_Block_Bittorrent_Traffic_with_IPtables&diff=815&oldid=prevBrian: Created page with "==How to Block Bittorrent Traffic with IPtables== IPTABLES is a user-space application program that allows a system administrator to configure the tables provided by the Linu..."2015-01-22T13:40:05Z<p>Created page with "==How to Block Bittorrent Traffic with IPtables== IPTABLES is a user-space application program that allows a system administrator to configure the tables provided by the Linu..."</p>
<p><b>New page</b></p><div>==How to Block Bittorrent Traffic with IPtables==<br />
<br />
IPTABLES is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.<br />
<br />
==Setup the IPtables Rules==<br />
To block Bittorrent traffic with IPTABLES you can edit /etc/sysconfig/iptables (CentOS) and include the following:<br />
<br />
vim /etc/sysconfig/iptables<br />
<br />
First you will want to add the chain right above the first rules<br />
<br />
:RH-Firewall-1-INPUT - [0:0]<br />
<br />
Then add the following above the '''COMMIT''' line<br />
<br />
# Torrent ALGO Strings using Boyer-Moore<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "BitTorrent" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "BitTorrent protocol" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "peer_id=" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string ".torrent" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "announce.php?passkey=" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "torrent" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "announce" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "info_hash" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string "/default.ida?" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string ".exe?/c+dir" -j DROP<br />
-A RH-Firewall-1-INPUT -m string --algo bm --string ".exe?/c_tftp" -j DROP<br />
<br />
# Torrent Keys<br />
-A RH-Firewall-1-INPUT -m string --string "peer_id" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "BitTorrent" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "BitTorrent protocol" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "bittorrent-announce" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "announce.php?passkey=" --algo kmp -j DROP<br />
<br />
# Distributed Hash Table (DHT) Keywords<br />
-A RH-Firewall-1-INPUT -m string --string "find_node" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "info_hash" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "get_peers" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "announce" --algo kmp -j DROP<br />
-A RH-Firewall-1-INPUT -m string --string "announce_peers" --algo kmp -j DROP <br />
<br />
===Restart IPtables===<br />
<br />
/etc/init.d/iptables restart<br />
<br />
===View IPtables/Verify the Rules===<br />
<br />
iptables -L<br />
<br />
===Sample Output===<br />
<br />
...<br />
Chain RH-Firewall-1-INPUT (0 references)<br />
target prot opt source destination <br />
DROP all -- anywhere anywhere STRING match "BitTorrent" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "BitTorrent protocol" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "peer_id=" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match ".torrent" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "announce.php?passkey=" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "torrent" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "announce" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "info_hash" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "/default.ida?" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match ".exe?/c+dir" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match ".exe?/c_tftp" ALGO name bm TO 65535 <br />
DROP all -- anywhere anywhere STRING match "peer_id" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "BitTorrent" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "BitTorrent protocol" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "bittorrent-announce" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "announce.php?passkey=" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "find_node" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "info_hash" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "get_peers" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "announce" ALGO name kmp TO 65535 <br />
DROP all -- anywhere anywhere STRING match "announce_peers" ALGO name kmp TO 65535</div>Brian