Nowadays, iptables supports so-called Layer 7 filtering through its string match, which makes it significantly easier and more effective to block torrents with iptables, or just to filter those packets and log them.

I'll assume that you have a (CentOS) Linux router. In that case you will be using the FORWARD chain in iptables to control which services/ports can pass through the router and which cannot.

So, let’s put this in the forward chain:

iptables -A FORWARD -m string --string "BitTorrent" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "peer_id=" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string ".torrent" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "announce.php?passkey=" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "torrent" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "announce" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "info_hash" --algo bm --to 65535 -j DROP

The point here is that you can't really block random P2P traffic once it's established, but you can block the announcement packets, which renders all P2P protocols unusable; in other words, you prevent the P2P communication from being established in the first place. That is the trick to blocking torrents.

One last word. As usual, I recommend logging when you do things like this; otherwise you'll never know why your packets are being dropped in some random situation. In the example above, I used DROP as the target for the announcement packets. In a practical setup, I'd create a dedicated chain and send the packets there. That chain would first let through the IP addresses that I want to allow P2P communication for, and finally log and drop everything else at the end.
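The dedicated chain just described, written out as an added example (not code from the original post): the script only prints the iptables commands so they can be reviewed before being piped to sh, and the chain name P2P_BLOCK, the log prefix and the allowed addresses are assumptions for this example.

```shell
#!/bin/sh
# Prints (does not apply) the rules for a dedicated P2P chain: allowed sources
# RETURN to FORWARD, everything else is rate-limited-logged and dropped, and the
# article's string matches jump to the chain instead of dropping directly.

CHAIN="P2P_BLOCK"               # assumed chain name
LOG_PREFIX="P2P-DROP: "         # assumed log prefix, shown in the kernel log
ALLOWED_SRC="192.168.1.10 192.168.1.20"   # constructed sample allow-list

# Announce/handshake strings, taken from the article's FORWARD rules.
PATTERNS='BitTorrent
BitTorrent protocol
peer_id=
.torrent
announce.php?passkey=
torrent
announce
info_hash'

# Commands that create the chain and fill it in the order the article gives:
# allow-list first, then log (limited so a busy client cannot flood the log),
# then drop.
build_chain() {
  echo "iptables -N $CHAIN"
  for ip in $ALLOWED_SRC; do
    echo "iptables -A $CHAIN -s $ip -j RETURN"
  done
  echo "iptables -A $CHAIN -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix \"$LOG_PREFIX\" --log-level 4"
  echo "iptables -A $CHAIN -j DROP"
}

# Commands that hook the chain into FORWARD: one string-match rule per pattern.
build_hooks() {
  echo "$PATTERNS" | while IFS= read -r pat; do
    [ -n "$pat" ] || continue
    echo "iptables -A FORWARD -m string --string \"$pat\" --algo bm --to 65535 -j $CHAIN"
  done
}

# Review the output first, then:  sh this_script.sh | sh
build_chain
build_hooks
```

Because bare strings like "torrent" and "announce" also match ordinary web traffic, the LOG entry is what tells you which rule dropped what; allowed hosts hit RETURN before the LOG rule, so they never show up there.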

3 thoughts on “Blocking torrent with iptables (or any other P2P)”

  1. Nope, doesn't work; the only way is:
    iptables -I FORWARD -p tcp -m multiport --dports 1024:65535 -m iprange --src-range 192.168.0.1-192.168.0.100 -j DROP
    iptables -I FORWARD -p udp -m multiport --dports 1024:65535 -m iprange --src-range 192.168.0.1-192.168.0.100 -j DROP

    Tested on my CentOS 6.7 x64

    1. It does work for most of it (at least it did when the article was written). Naturally, your box actually has to be the gateway for this to work (not a client), and the idea behind it is to catch and drop the .torrent propagation. Maybe it would be worth logging some traffic to see if the protocol has changed/been updated lately, since this article is not new. I'll do that one of these days and update the article if I find anything.

      Your way – you’re blocking all traffic above port 1024. That’s not very effective (what if I put my torrent to work on port 443?)
