[CentOS-es] ipp2p sobre centos 5

Gino Francisco Alania Hurtado galania en nitcom.com
Mie Sep 23 01:40:43 UTC 2009 

[root en ns ~]# find /lib64/iptables -name libipt_ipp2p.so
/lib64/iptables/libipt_ipp2p.so


[root en ns ~]# iptables -m ipp2p --help
iptables v1.3.5

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain        Append to chain
  --delete  -D chain        Delete matching rule from chain
  --delete  -D chain rulenum
                Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
                Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
                Replace rule rulenum (1 = first) in chain
  --list    -L [chain]        List the rules in a chain or all chains
  --flush   -F [chain]        Delete all rules in  chain or all chains
  --zero    -Z [chain]        Zero counters in chain or all chains
  --new     -N chain        Create a new user-defined chain
  --delete-chain
            -X [chain]        Delete a user-defined chain
  --policy  -P chain target
                Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
                Change chain name, (moving any references)
Options:
  --proto    -p [!] proto    protocol: by number or name, eg. `tcp'
  --source    -s [!] address[/mask]
                source specification
  --destination -d [!] address[/mask]
                destination specification
  --in-interface -i [!] input name[+]
                network interface name ([+] for wildcard)
  --jump    -j target
                target for rule (may load target extension)
  --goto      -g chain
                              jump to chain with no return
  --match    -m match
                extended match (may load extension)
  --numeric    -n        numeric output of addresses and ports
  --out-interface -o [!] output name[+]
                network interface name ([+] for wildcard)
  --table    -t table    table to manipulate (default: `filter')
  --verbose    -v        verbose mode
  --line-numbers        print line numbers when listing
  --exact    -x        expand numbers (display exact values)
[!] --fragment    -f        match second or further fragments only
  --modprobe=<command>        try to insert modules using this command
  --set-counters PKTS BYTES    set the counter during insert/append
[!] --version    -V        print package version.

IPP2P v0.8.2 options:
 --ipp2p    Grab all known p2p packets
 --edk        [TCP&UDP]    All known eDonkey/eMule/Overnet packets
 --dc        [TCP]         All known Direct Connect packets
 --kazaa    [TCP&UDP]     All known KaZaA packets
 --gnu        [TCP&UDP]    All known Gnutella packets
 --bit        [TCP&UDP]    All known BitTorrent packets
 --apple    [TCP]         All known AppleJuice packets
 --winmx    [TCP]         All known WinMX
 --soul        [TCP]         All known SoulSeek
 --ares        [TCP]         All known Ares

 EXPERIMENTAL protocols (please send feedback to: ipp2p en ipp2p.org) :
 --mute        [TCP]        All known Mute packets
 --waste    [TCP]        All known Waste packets
 --xdcc        [TCP]        All known XDCC packets (only xdcc login)

 DEBUG SUPPPORT, use only if you know why
 --debug        Generate kernel debug output, THIS WILL SLOW DOWN THE FILTER

Note that the follwing options will have the same meaning:
 '--ipp2p' is equal to '--edk --dc --kazaa --gnu --bit --apple --winmx 
--soul --ares'

IPP2P was intended for TCP only. Due to increasing usage of UDP we 
needed to change this.
You can now use -p udp to search UDP packets only or without -p switch 
to search UDP and TCP packets.

See README included with this package for more details or visit 
http://www.ipp2p.org

Examples:
 iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
 iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP
 iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP

[root en ns ~]#


Enrique Quezada escribió:
>> [root en ns ~]# find /lib/modules/2.6.18-164.el5/ -name ipt_ipp2p.o
>> /lib/modules/2.6.18-164.el5/kernel/net/netfilter/ipt_ipp2p.o
>>
>> [root en ns ~]# lsmod
>> Module                  Size  Used by
>> ipt_ipp2p              40448  0
>>
>>
>> aparentemente todo carga bien , pero la regla sale con ese error ?
>>     
>
> Gino, verifica que tengas el archivo libipt_ipp2p.so en /lib64/iptables/ y
> prueba con iptables -m ipp2p --help.
>
> Saludos.
>
>
>

Más información sobre la lista de distribución CentOS-es