error while blocking this websites bittorrent & edonkey using iptables


saravanang86
30th November 2010, 05:20 AM
Hi,
When I try to execute this command on my router device, it shows an error...

First execution :-

# iptables -I OUTPUT -p tcp --dport 80 -m string --string "bittorrent.com" -j DROP
iptables v1.4.0: Couldn't find match `string'

Try `iptables -h' or 'iptables --help' for more information.

Second Execution :-

# iptables -I OUTPUT -p tcp --dport 80 -m string --string "edonkey.com" -j DROP
iptables v1.4.0: Couldn't find match `string'

Try `iptables -h' or 'iptables --help' for more information.

So I need to block these kinds of websites... Kindly tell me what I have to change.
Here I didn't execute this command...


Regards
Saravanan G

blocky
18th June 2012, 06:13 AM
Then you have to try the following, which is successfully running on my local machine.
I am using class C range IP addresses on my machines.

iptables -A FORWARD -p tcp --dport 53 -m string --string "facebook" --algo bm --to 65535 -j DROP

If you have any queries, then ask me; I will do my best.

By,
Blocky

droidhacker
18th June 2012, 04:11 PM

I don't think you're qualified to be messing around with firewalls... There are just too many things wrong with what you're trying to do.

The most obvious is that you're apparently trying to stop peer to peer filesharing services by... blocking port 80 by string match??? Wow... never going to work. Do you realize that port 80 has NOTHING to do with those services?

You could try what blocky suggested, blocking DNS, but that will only block access to the websites, not the services themselves.
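
Added example, not part of any post in this thread: in a DNS query the name is sent as length-prefixed labels rather than dotted text, so a plain `--string "bittorrent.com"` never appears in port 53 traffic, while a single label such as "facebook" does. The helper names below, the FORWARD chain and the UDP rule are assumptions for illustration; the script only prints a rule and, as noted above, such a rule affects name lookups only.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.
# A DNS QNAME for bittorrent.com is the byte sequence
#   0x0a "bittorrent" 0x03 "com" 0x00
# so the dotted string never appears in the packet.

# dns_hex_pattern DOMAIN -> prints an iptables --hex-string pattern
dns_hex_pattern() {
    domain=$1
    # Accept only hostname characters; this also keeps '|' out of the pattern.
    case $domain in
        ''|*[!A-Za-z0-9.-]*) echo "invalid name: '$domain'" >&2; return 1 ;;
    esac
    out=""
    old_ifs=$IFS
    IFS=.
    for label in $domain; do
        len=${#label}
        # Each DNS label is 1..63 bytes; empty labels mean "a..b" or ".a".
        if [ "$len" -eq 0 ] || [ "$len" -gt 63 ]; then
            IFS=$old_ifs
            echo "invalid label in '$domain'" >&2
            return 1
        fi
        out="${out}|$(printf '%02x' "$len")|${label}"
    done
    IFS=$old_ifs
    # The terminating zero byte is the root label that ends every QNAME.
    printf '%s|00|\n' "$out"
}

# dns_block_rule DOMAIN -> prints (does not run) a matching rule.
# Assumption: lookups pass through FORWARD over UDP 53; TCP 53 would
# need a second rule with -p tcp.
dns_block_rule() {
    pat=$(dns_hex_pattern "$1") || return 1
    printf 'iptables -I FORWARD -p udp --dport 53 -m string --hex-string "%s" --algo bm -j DROP\n' "$pat"
}

# Constructed sample input: the two names from the first post.
dns_block_rule bittorrent.com
dns_block_rule edonkey.com
```

Because the pattern starts with the length byte, it matches `www.bittorrent.com` but not a longer label that merely ends in "bittorrent".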

blocky
19th June 2012, 05:26 AM
I have used iptables version 3.5 on CentOS 5.5. I have tested and implemented it on my machine successfully.

iptables -I OUTPUT -p tcp -m string --string "donkey" --algo bm --to 65535 -j DROP