Repost: Blocking P2P downloads on OpenWrt with iptables

Edit /etc/firewall.user and add the following code:

# Log the packets that will be dropped

iptables -N LOGDROP > /dev/null 2> /dev/null
iptables -F LOGDROP
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP "
iptables -A LOGDROP -j DROP

# Block torrent-download keywords

iptables -I FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string "peer_id=" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string ".torrent" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string "torrent" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string "announce" -j LOGDROP
iptables -I FORWARD -m string --algo bm --string "info_hash" -j LOGDROP

# Block the DHT network
iptables -I FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
iptables -I FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
iptables -I FORWARD -m string --string "find_node" --algo bm -j LOGDROP


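# From what I found online, the above seems to be enough, but P2P looks to have moved into IPv6 as well, so you can block IPv6 too; the steps are the same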

ip6tables -N LOGDROP > /dev/null 2> /dev/null
ip6tables -F LOGDROP
ip6tables -A LOGDROP -j LOG --log-prefix "LOGDROP "
ip6tables -A LOGDROP -j DROP
ip6tables -I FORWARD -m string --algo bm --string "BitTorrent" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string "peer_id=" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string ".torrent" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string "torrent" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string "announce" -j LOGDROP
ip6tables -I FORWARD -m string --algo bm --string "info_hash" -j LOGDROP
ip6tables -I FORWARD -m string --string "get_peers" --algo bm -j LOGDROP
ip6tables -I FORWARD -m string --string "announce_peer" --algo bm -j LOGDROP
ip6tables -I FORWARD -m string --string "find_node" --algo bm -j LOGDROP

After saving, run:

/etc/init.d/firewall restart

and the rules take effect.
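
To check what the rules above are actually dropping, the following added example (not part of the original post) tallies kernel log lines carrying the `LOGDROP ` prefix by source address, protocol and destination port. The function names and sample log lines are constructed for illustration, and the field layout is assumed to be the standard netfilter LOG format.

```shell
#!/bin/sh
# Added example: tally packets logged by the LOGDROP chain.
# On the router: logread | summarize_logdrop

# Print "<count> <src> <proto> <dport>", busiest first, for LOGDROP lines on stdin.
summarize_logdrop() {
    awk '
    /LOGDROP / {
        src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            # keep the first occurrence only (ICMP errors embed a second header)
            if (src == "-" && $i ~ /^SRC=/) src = substr($i, 5)
            if (proto == "-" && $i ~ /^PROTO=/) proto = substr($i, 7)
            if (dpt == "-" && $i ~ /^DPT=/) dpt = substr($i, 5)
        }
        count[src " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed, abbreviated sample log lines (not captured from a real router).
sample_log() {
    cat <<'EOF'
kernel: LOGDROP IN=br-lan OUT=eth0.2 SRC=192.168.1.23 DST=203.0.113.5 LEN=120 TTL=63 PROTO=TCP SPT=51000 DPT=6881
kernel: LOGDROP IN=br-lan OUT=eth0.2 SRC=192.168.1.23 DST=203.0.113.9 LEN=120 TTL=63 PROTO=TCP SPT=51002 DPT=6881
kernel: br-lan: port 1(eth0.1) entered forwarding state
kernel: LOGDROP IN=br-lan OUT=eth0.2 SRC=192.168.1.40 DST=203.0.113.80 LEN=512 TTL=63 PROTO=TCP SPT=40210 DPT=80
kernel: LOGDROP IN=br-lan OUT=eth0.2 SRC=2001:0db8:0000:0000:0000:0000:0000:0015 DST=2001:0db8:0000:0000:0000:0000:0000:0099 LEN=80 HOPLIMIT=63 PROTO=UDP SPT=6881 DPT=6881
EOF
}

# Run against the constructed sample when called with --demo.
if [ "${1:-}" = "--demo" ]; then
    sample_log | summarize_logdrop
fi
```

Hits on ports such as 80 are worth a closer look, because short keywords like "torrent" and "announce" match any forwarded payload that contains them.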

Source of this repost: https://xintun.lofter.com/post/1dcd13e8_c8fb947
