Using Linux IPTables, How to block torrents or any P2P protocols?
Solution 1:
Port based P2P blocking is hardly a 100% solution. What you might want to consider is called L7 filtering (Layer 7 filtering). Basically, linux has an implementation that does regex based matching on all packets to decide whats good and whats bad.
http://l7-filter.sourceforge.net/
This can help you block all sorts of stuff, including skype.
http://l7-filter.sourceforge.net/protocols
Please Note: Regex matching to inspect and filter packets is resource intensive making any system alot more vulnerable to DDOS attacks, the preferred method would be to target the protocol within iptables.
Solution 2:
The only proper technical solution is to have all traffic going through a proxy that will decrypt SSL traffic on the fly and then apply layer 7 filtering on the passing traffic.
Such products are pretty expensive as there is usually a big team of engineers behind them updating the rules needed to classify the packets.
You can help yourself somewhat with iptables
modules sush as before mentioned ipp2p
or l7-filter
, but they will not catch encrypted traffic.
In any case, technology is very rarely the solution for social problems, and misuse od corporate/public/whatever networks for p2p is a social problem. Try talking to your users, get your organization to create appropriate policies and enforce them with sanctions. This in my experience works much better than a constant technology arms race with your users.
Solution 3:
It's good practice to block common tracker ports like: 6881-6889 2710 6969
but this will not help against trackers binded on 80 port(i.e tpb.tracker.thepiratebay.org). So blocking all, but 80,443,22 would not help.
ipp2p is best solution i know. See Documentation/Usage section
About l7-filter. In bittorrent.pat comment says:
This pattern has been tested and is believed to work well. It will, however, not work on bittorrent streams that are encrypted, since it's impossible to match (well) encrypted data.
In BSD systems pf can apply actions depending on number of states or connections per second, so you can tag bittotent-like traffic, 'cause it rapidly generates connections. Read iptables manual, may be it can do it too.