How to Install IPP2P in Debian Etch to Filter P2P Traffic in your Network

What is IPP2P

The goal of the IPP2P project is to identify peer-to-peer (P2P) data in IP traffic. For this purpose we extended the iptables/netfilter architecture by a new matching module. Thereby IPP2P integrates itself easily into existing Linux firewalls and it's functionality can be used by adding appropriate filter rules.

IPP2P uses suitable search patterns to identify P2P traffic thus allowing the reliable identifcation of traffic belonging to many P2P networks. Once identified one may handle P2P traffic in different ways - dropping such traffic, putting into low priority classes or shaping to a given bandwidth limit is possible. Reducing costs, freeing network ressources and therefore improving network performance is often the result of using IPP2P.

Supported IPP2P protocol

  • eDonkey, eMule
  • KaZaA
  • Gnutella
  • Direct Connect
  • BitTorrent
  • AppleJuice
  • WinMX
  • SoulSeek
  • Ares, AresLite

To compile ipp2p you need to install the kernel headers and iptables headers.

apt-get install linux-headers-$(uname -r) iptables-dev

Download ipp2p source from their website


Untar the file and download Gentoo's kernel patch for ipp2p or you can download the patch attached from this blog.

cd ../ipp2p-0.8.2

Apply the patch for ipp2p

patch -p1 < ipp2p-0.8.2-kernel-2.6.22.patch
patch -p1 < ipp2p-0.8.2-iptables-1.4.0.patch

Modify the Makefile file

vi Makefile

and change: libipt_ipp2p.c ipt_ipp2p.h
	ld -shared -o libipt_ipp2p.o


        $(CC) -shared -o libipt_ipp2p.o

Compile ipp2p using this command:


Copy libraries

cp /lib/iptables/
cp ipt_ipp2p.ko /lib/modules/2.6.18-6-686/kernel/net/netfilter/

and run

depmod -a

IPP2P is now installed, you can check using this command:

iptables -m ipp2p --help

You can start blocking P2P applications such as bittorrent and gnutella.