This April I saw a report that although a broadband company's existing technology can accommodate 400 to 6 million users on its network, the network is already overcrowded with only 450,000 users: connections often drop, and as soon as the Internet peak period arrives, speeds fall sharply.
Why is the Internet so crowded? Since the appearance of peer-to-peer (P2P) software such as eDonkey, Kazaa and BT, large volumes of data (bulk file exchange, video file downloads and so on) have gradually come to occupy most of the network bandwidth. This new kind of application brings users unprecedented convenience and rich resources, but it also raises network bandwidth and security problems.
How can we impose some necessary restrictions on peer-to-peer applications while still letting them play to their strengths? This article introduces how to use Netfilter/iptables to limit peer-to-peer application traffic on Linux.
Upgrade kernel
Because the publicly released Linux kernel has no parameters for peer-to-peer properties, both the Linux kernel and iptables must be upgraded so that iptables supports peer-to-peer property settings.
Before you start, take a look at the software needed to upgrade and patch the kernel: linux-2.4.20-8.tar.gz, patch-o-matic-20040609.tar.bz2, iptables-1.2.8.tar.bz2, iptables-p2p-0.3.0a.tar.gz and ipp2p-0.5c.tar.gz.
The test environment here is Red Hat 9.0 with kernel 2.4.20-8. Because 2.4.* is a stable kernel series, newly developed features cannot be committed directly to the main kernel; they are first tested in patch-o-matic and then patched into the kernel. The latest patch-o-matic package, patch-o-matic-20040609.tar.bz2, can be found in CVS.
Besides kernel support, iptables support is also required. iptables-p2p-0.3.0a.tar.gz is a dedicated peer-to-peer iptables extension package developed for the netfilter/iptables organization, and ipp2p-0.5c.tar.gz is a peer-to-peer iptables extension package developed by Eicke Friedrich. Each of these two extension packages has its own characteristics, and they will be described separately later.