How to Install IPP2P in Debian Etch to Filter P2P Traffic in your Network
What is IPP2P
The goal of the IPP2P project is to identify peer-to-peer (P2P) data in IP traffic. For this purpose we extended the iptables/netfilter architecture by a new matching module. Thereby IPP2P integrates itself easily into existing Linux firewalls and it's functionality can be used by adding appropriate filter rules.
IPP2P uses suitable search patterns to identify P2P traffic thus allowing the reliable identifcation of traffic belonging to many P2P networks. Once identified one may handle P2P traffic in different ways - dropping such traffic, putting into low priority classes or shaping to a given bandwidth limit is possible. Reducing costs, freeing network ressources and therefore improving network performance is often the result of using IPP2P.
Supported IPP2P protocol
- eDonkey, eMule
- Direct Connect
- Ares, AresLite
To compile ipp2p you need to install the kernel headers and iptables headers.
Download ipp2p source from their website
Untar the file and download Gentoo's kernel patch for ipp2p or you can download the patch attached from this blog.
Apply the patch for ipp2p
patch -p1 < ipp2p-0.8.2-iptables-1.4.0.patch
Modify the Makefile file
libipt_ipp2p.so: libipt_ipp2p.c ipt_ipp2p.h $(CC) $(CFLAGS) $(IPTABLES_OPTION) $(IPTABLES_INCLUDE) -fPIC -c libipt_ipp2p.c ld -shared -o libipt_ipp2p.so libipt_ipp2p.o
$(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o
Compile ipp2p using this command:
cp ipt_ipp2p.ko /lib/modules/2.6.18-6-686/kernel/net/netfilter/
IPP2P is now installed, you can check using this command:
You can start blocking P2P applications such as bittorrent and gnutella.