rbpark at ualberta.ca
Thu Oct 9 14:33:46 PDT 2003
Gareth Westwood wrote:
> could you not use some sort of script so that when bittorrent starts,
> iptables starts with iptables-bittol.conf and sets that to accept. Then
> when it stops re-do iptables to use iptables-nobt.conf and re-load. I am
> kinda thinking like the ip-up and down scripts.
This is exactly the kind of junk that I'm trying to avoid :P
The main problem with doing a wrapper script is that bittorrent isn't a
file searching & sharing protocol like gnutella; while gnutella will use
one port for all your downloads, bittorrent uses one port for each
torrent you have open. So every time I start BT, my script would need
some logic to ACCEPT the ports that are open, and DROP the ports that
are closed, for the port range of 6881-6889.
That's certainly possible, but it's an ugly hack. What I'd much rather
do is have the firewall intelligently know when to ACCEPT or DROP the
packets based on whether or not the port is open.
Another problem with the wrapper script is that I'd have to be root to
run bittorrent, which would suck ass. :)
Now that I dropped out of university, I've got tons of time. I'm going
to recompile my kernel with the grsecurity patches in the next few days,
and see if I can't do what I want with that.
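The wrapper-script approach discussed in this thread, written out as an added example (it is not code from either poster): given the set of TCP ports currently listening, it emits one iptables rule per port in 6881-6889, ACCEPT for ports a torrent has opened and DROP for the rest. The chain name BT_IN and the sample port list are assumptions; rules are printed rather than applied so the generator needs no root.

```sh
#!/bin/sh
# Added example: rule generator for the per-torrent BitTorrent port range.
# Prints iptables commands instead of running them, so output can be
# reviewed first and the script itself needs no privileges.
BT_FIRST=6881
BT_LAST=6889
CHAIN=BT_IN   # assumed dedicated chain, e.g. jumped to from INPUT

# bt_rules "PORT PORT ..." -> prints rules for 6881-6889, one per line.
# Argument: whitespace-separated list of TCP ports currently in LISTEN.
bt_rules() {
    listening="$1"
    echo "iptables -F $CHAIN"
    port=$BT_FIRST
    while [ "$port" -le "$BT_LAST" ]; do
        action=DROP
        for p in $listening; do
            [ "$p" -eq "$port" ] && action=ACCEPT
        done
        echo "iptables -A $CHAIN -p tcp --dport $port -j $action"
        port=$((port + 1))
    done
}

# listening_tcp_ports -> prints local ports of LISTEN sockets (state 0A)
# from /proc/net/tcp and /proc/net/tcp6, converting the hex port field.
listening_tcp_ports() {
    for f in /proc/net/tcp /proc/net/tcp6; do
        [ -r "$f" ] || continue
        # field 2 is local_address as HEXIP:HEXPORT, field 4 is the state
        awk 'NR > 1 && $4 == "0A" { sub(/^.*:/, "", $2); print $2 }' "$f"
    done | while read -r hex; do printf '%d\n' "0x$hex"; done | sort -un
}

# Stand-alone use: print the rule set for the ports open right now.
bt_rules "$(listening_tcp_ports)"
```

Generating the rules needs no privileges; only applying them does, so the generator can run as the bittorrent user and the apply step can be a narrowly scoped sudo entry rather than running the client as root.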