Block some bittorrent traffic which is better than nothing (still on behalf of Paramount Pictures)
parent
bbf17c8a92
commit
a04e12f8e4
2 changed files with 51 additions and 0 deletions
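--- a/config/bittorrent-blocker.nix
+++ b/config/bittorrent-blocker.nix
@@ -0,0 +1,50 @@
+{ ... }: {
+networking.firewall.extraCommands = ''
+# Taken from https://gist.github.com/rampageX/5cbe95be43ca3165f4d963629e3bb946
+# Block Torrent algo string using Boyer-Moore (bm)
+iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
+iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
+iptables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
+iptables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
+iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
+iptables -A FORWARD -m string --algo bm --string "torrent" -j DROP
+iptables -A FORWARD -m string --algo bm --string "announce" -j DROP
+iptables -A FORWARD -m string --algo bm --string "info_hash" -j DROP
+iptables -A FORWARD -m string --algo bm --string "/default.ida?" -j DROP
+iptables -A FORWARD -m string --algo bm --string ".exe?/c+dir" -j DROP
+iptables -A FORWARD -m string --algo bm --string ".exe?/c_tftp" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "BitTorrent" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "peer_id=" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string ".torrent" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "torrent" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "announce" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "info_hash" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string "/default.ida?" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string ".exe?/c+dir" -j DROP
+ip6tables -A FORWARD -m string --algo bm --string ".exe?/c_tftp" -j DROP
+# Block Torrent keys
+iptables -A FORWARD -m string --algo kmp --string "peer_id" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "BitTorrent" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "BitTorrent protocol" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "bittorrent-announce" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "announce.php?passkey=" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "peer_id" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "BitTorrent" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "BitTorrent protocol" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "bittorrent-announce" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "announce.php?passkey=" -j DROP
+# Block Distributed Hash Table (DHT) keywords
+iptables -A FORWARD -m string --algo kmp --string "find_node" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "info_hash" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "get_peers" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "announce" -j DROP
+iptables -A FORWARD -m string --algo kmp --string "announce_peers" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "find_node" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "info_hash" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "get_peers" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "announce" -j DROP
+ip6tables -A FORWARD -m string --algo kmp --string "announce_peers" -j DROP
+'';
+}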
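Review bot: All 42 rules are appended straight to `FORWARD` from `networking.firewall.extraCommands`, which as far as I can tell is re-run on every firewall start and reload without that chain being flushed, so each reload probably stacks another full copy and nothing removes the rules when this module is dropped; a dedicated chain that is flushed on start and torn down in `networking.firewall.extraStopCommands` avoids both. Several patterns are broad enough to drop unrelated cleartext traffic: `"torrent"`, `"announce"` and `"info_hash"` match any forwarded packet carrying those bytes (a DNS query, a web page, a mail), and they already subsume `".torrent"`, `"announce.php?passkey="`, `"bittorrent-announce"` and `"announce_peers"`. The kmp rules for `"BitTorrent"`, `"BitTorrent protocol"`, `"announce.php?passkey="`, `"info_hash"` and `"announce"` repeat bm rules for the same strings, so they only add a second payload scan per packet. The `"/default.ida?"`, `".exe?/c+dir"` and `".exe?/c_tftp"` entries look like old IIS worm request signatures carried over from the gist rather than BitTorrent, and should get their own comment or be dropped.

```nix
{ ... }: {
  networking.firewall.extraCommands = ''
    for ipt in iptables ip6tables; do
      # Dedicated chain, emptied on every start/reload so rules never pile up in FORWARD.
      $ipt -N bt-block 2>/dev/null || $ipt -F bt-block
      $ipt -C FORWARD -j bt-block 2>/dev/null || $ipt -A FORWARD -j bt-block
      # … unchanged: the "-m string … -j DROP" rules, appended to bt-block instead of FORWARD, one copy per string …
    done
  '';
  networking.firewall.extraStopCommands = ''
    for ipt in iptables ip6tables; do
      $ipt -D FORWARD -j bt-block 2>/dev/null || true
      $ipt -F bt-block 2>/dev/null || true
      $ipt -X bt-block 2>/dev/null || true
    done
  '';
}
```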
|
@ -20,6 +20,7 @@
|
|||
./services/loki.nix
|
||||
./services/reverse-proxy.nix
|
||||
./services/matrix-media-repo.nix
|
||||
./bittorrent-blocker.nix
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod" ];
|
||||
|
|