I'm trying to reject all the output traffic over the ports 6881 to 6889 related to the protocol P2P/BitTorrent using nftables. Any help would be appreciated, as I don't get the rule.
Since nftables currently doesn't support layer 7 regex matching, it's not possible to use such regular expressions to match the packets, so I'm just gonna give you what you asked for by filtering the ports.
In this example we block the traffic generated by the host itself, and also if the host is acting as a router we're gonna block that as well.
table inet filter {
    chain output {
        # traffic generated by this host
        type filter hook output priority filter; policy accept;
        jump block_bittorrent
    }
    chain forward {
        # traffic routed through this host
        type filter hook forward priority filter; policy accept;
        jump block_bittorrent
    }
    chain block_bittorrent {
        # regular chain (no hook), reached via the jumps above
        tcp dport 6881-6889 counter drop
        udp dport 6881-6889 counter drop
    }
}
Let me mention that it might be possible to use Raw Payload Expressions in nftables in order to do the matching but that requires more investigation.

The Moisrex
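The question asked for the traffic to be rejected rather than silently dropped. The script below is an added example, not part of the answer above: it generates an nftables ruleset for the same table, chain names and port range, but uses `reject` (TCP reset, ICMP port-unreachable) so local clients fail fast instead of timing out, keeps `counter` on each rule so hits are visible for monitoring, and syntax-checks the result with `nft -c` when the binary is present. The `PORT_RANGE` variable and the `check` argument are this script's own conventions.

```shell
#!/bin/sh
# Added example (not the answer's own code): build and syntax-check an nftables
# ruleset that rejects outgoing and forwarded BitTorrent traffic on TCP/UDP
# 6881-6889. Table and chain names follow the answer; PORT_RANGE is assumed.

PORT_RANGE="${PORT_RANGE:-6881-6889}"

# Print the ruleset to stdout. The regular chain is defined before the hook
# chains so the jump targets exist when the rules are loaded.
build_ruleset() {
    cat <<EOF
table inet filter {
    chain block_bittorrent {
        # reject instead of drop: local apps get an immediate error,
        # and the counters show how often the rule fires
        tcp dport $PORT_RANGE counter reject with tcp reset
        udp dport $PORT_RANGE counter reject with icmpx type port-unreachable
    }
    chain output {
        # locally generated packets
        type filter hook output priority filter; policy accept;
        jump block_bittorrent
    }
    chain forward {
        # packets routed through this host
        type filter hook forward priority filter; policy accept;
        jump block_bittorrent
    }
}
EOF
}

# Parse the generated ruleset without loading it (requires nft and,
# on most systems, root for the check as well).
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        build_ruleset | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
        return 0
    fi
}

# Usage:  sh block_bt.sh > bt.nft        (write the ruleset)
#         sh block_bt.sh check           (syntax-check only)
#         sudo nft -f bt.nft             (load it)
if [ "${1:-}" = "check" ]; then
    check_ruleset
else
    build_ruleset
fi
```

After loading, `nft list chain inet filter block_bittorrent` shows the packet and byte counters, which is the quickest way to confirm the rules are actually matching. Note that this remains a port-based heuristic: a client configured for a different port range is not caught, which is why the answer mentions payload matching as the more thorough (and more involved) approach.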