I've set up iptables-p2p on a fantastic IBM Pentium 75
with 32 MB RAM and RedHat 7.3.
This box sits between an ADSL router (10.0.0.1) and a big
free wireless network (3 Buffalo APs with 3-sector
antennas) attached to the second NIC
(192.168.1.100, the old IP of the router).
Look at my FORWARD iptables results (1 day up):
Chain FORWARD (policy ACCEPT 2255K packets, 1076M bytes)
 pkts bytes target prot opt in   out  source     destination
 7125 2699K DROP   all  --  *    *    0.0.0.0/0  0.0.0.0/0   P2P match fasttrack
    7  3549 DROP   all  --  *    *    0.0.0.0/0  0.0.0.0/0   P2P match gnutella
    7   777 DROP   all  --  *    *    0.0.0.0/0  0.0.0.0/0   P2P match edonkey
    0     0 DROP   all  --  *    *    0.0.0.0/0  0.0.0.0/0   P2P match dc
  172 18576 DROP   all  --  *    *    0.0.0.0/0  0.0.0.0/0   P2P match bittorrent
    0     0 DROP   all  --  *    *    0.0.0.0/0  0.0.0.0/0   P2P match openft
  144  6912 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4660
 3494  168K DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4661
  181  8688 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4662
  128  6144 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4224
 1356 65088 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4242
  136  6528 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4646
  815 39120 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:3306
  136  6528 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:7654
  134  6432 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:6565
    0     0 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:700
  149  7152 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:2525
  137  6576 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:4321
    4   192 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:3333
  263 12624 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:5555
  132  6336 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:6666
    0     0 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:7777
    4   192 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:7778
  170  8160 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:8888
    4   192 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:12345
    4   192 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:3721
    0     0 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:9373
    0     0 DROP   tcp  --  eth1 *    0.0.0.0/0  0.0.0.0/0   tcp dpt:10001
 2479  159K DROP   udp  --  *    *    0.0.0.0/0  0.0.0.0/0   udp spts:137:139
As you can see, many TCP packets bypass iptables-p2p
and are stopped by the following rules for the incoming
ports of typical ed2k servers.
Also, with tcpdump I sometimes see some traffic going
out to port 4662, but only about 0.5 or 1.5 kBytes/sec.
Finally, with iptables-p2p I have found that 50 users
can browse, use POP3, MSN and IRC perfectly. Before, the
uploads of the p2p networks stalled the connection.
I have no problem sending the IP & root password TO THE
DEVELOPMENT TEAM so that you can see and test that network.
Thanking you again for your work, greetings from the south of
Spain.
PacoSS admin @ megaciudad . com
Logged In: YES
user_id=291355
Hi,
This is natural. iptables-p2p only blocks/matches specific
packets of a p2p connection, which is enough to stop
downloads/uploads. Typically these are hello-type packets.
Since iptables-p2p doesn't look at port numbers, only at the
data contents, there is no way iptables-p2p can block all
packets, unless CONNMARK is added. Even then, the initial
packets before the hello will pass.
This should not be a problem.
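The CONNMARK approach the reply mentions, written out as an added example; it is not part of either post and not the iptables-p2p project's own scripts. The idea: the first time "-m p2p" recognises a hello packet, mark the whole connection, and drop every later packet of that connection regardless of payload or port. Assumptions, all to be checked against "iptables -m p2p --help" and the kernel on the box: the ipt_p2p match takes one option per protocol named like the counters above (--fasttrack, --gnutella, ...); the CONNMARK target and connmark match (patch-o-matic on 2.4 kernels) are available and CONNMARK is used from the mangle table; mark value 0x1 is unused elsewhere. IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the posts or the iptables-p2p project): drop all
# packets of a p2p connection once iptables-p2p has matched its hello packet.
#
# Assumed (verify on the box): "-m p2p --<proto>" option names as below,
# CONNMARK target usable in the mangle table, connmark match available,
# mark 0x1 free.  Set IPT=echo to print the rules instead of applying them.

P2P_PROTOS="fasttrack gnutella edonkey dc bittorrent openft"
P2P_MARK="0x1"

p2p_connmark_rules() {
    ipt="${IPT:-iptables}"
    # 1. mangle/PREROUTING is traversed before filter/FORWARD, so the hello
    #    packet marks its connection here and is then itself dropped below.
    for proto in $P2P_PROTOS; do
        $ipt -t mangle -A PREROUTING -m p2p --"$proto" \
             -j CONNMARK --set-mark "$P2P_MARK"
    done
    # 2. Every packet of a marked connection is dropped, whatever its payload
    #    or destination port: this is what the per-hello "-m p2p ... -j DROP"
    #    rules alone cannot do.  "-I FORWARD 1" puts it ahead of the existing
    #    rules, which can stay as they are.
    $ipt -I FORWARD 1 -m connmark --mark "$P2P_MARK" -j DROP
}

# Packets exchanged before the hello (the TCP handshake, the first bytes)
# still pass, as the reply says; once the hello is seen the mark stays on the
# connection for the lifetime of its conntrack entry.

case "${1:-}" in
    apply) p2p_connmark_rules ;;
    show)  ( IPT=echo; p2p_connmark_rules ) ;;
esac
```

Run "sh p2p-connmark.sh show" first to review the rules, then "apply" as root. The existing port-based DROP rules in FORWARD are untouched; the connmark DROP at the top simply short-circuits them for connections already identified by iptables-p2p.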