
How to keep P2P users out of your network with openwrt

Say that you have an open wireless network and some users run P2P programs to download stuff. The main problem with P2P programs is the number of connections they try to open through the ADSL router, so its NAT (connection-tracking) table fills up pretty quickly and every other user suffers.

#!/bin/sh
# Ban: add the client's MAC to the forwarding_rule chain (DROP) once it has
# more than 100 entries in the connection-tracking table.

for ip in $(grep "br-lan" /proc/net/arp | awk '{print $1}'); do

    # Match the whole "src=<ip> " token, so 192.168.1.1 does not also count 192.168.1.10
    cont=$(grep -cF "src=$ip " /proc/net/ip_conntrack)
    mac=$(awk -v ip="$ip" '$1 == ip {print $4}' /proc/net/arp)

    if [ "$cont" -gt 100 ]; then
        # Append the DROP rule only if this MAC is not banned already
        iptables -L forwarding_rule -n | grep -qi "$mac" || \
            iptables -A forwarding_rule -m mac --mac-source "$mac" -j DROP
    fi
    logger "$ip $mac $cont"
done

Then create an entry in /etc/crontabs/root:

# run the ban script every 10 minutes and clear the bans every hour
0,10,20,30,40,50 * * * * /etc/ban > /dev/null
0 * * * * /etc/unban > /dev/null
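The following is an added example, not code from the original post: it does the same per-client counting in one awk pass over /proc/net/ip_conntrack, bans with a duplicate check, and includes an unban counterpart (the post references /etc/unban but does not show it; the version here is an assumption that simply deletes every MAC DROP rule in the chain). The chain name forwarding_rule and the file paths are taken from the post; the ARP and CONNTRACK variables, the helper names and the sample data are constructed for this example so the counting logic can be checked off the router.

```shell
#!/bin/sh
# Added example (not from the original post). Counts conntrack entries per
# br-lan client, bans clients over LIMIT by MAC, and clears those bans.
# CONNTRACK/ARP default to the kernel files; point them at sample files to test.

CONNTRACK="${CONNTRACK:-/proc/net/ip_conntrack}"
ARP="${ARP:-/proc/net/arp}"
LIMIT="${LIMIT:-100}"
CHAIN="forwarding_rule"

# Print "ip count" for every client on br-lan (zero included). The match is on
# the whole "src=<ip>" token, so 192.168.1.2 never also counts 192.168.1.20.
count_conns() {
    awk -v arp="$ARP" '
        FILENAME == arp { if ($6 == "br-lan") seen[$1] = 0; next }
        {
            # each conntrack line carries two src= fields (original and reply);
            # count the line once, for the first one that belongs to a LAN client
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) {
                    ip = substr($i, 5)
                    if (ip in seen) { seen[ip]++; break }
                }
        }
        END { for (ip in seen) print ip, seen[ip] }
    ' "$ARP" "$CONNTRACK"
}

# Count for a single client (0 when it is not on br-lan).
conns_for() {
    count_conns | awk -v ip="$1" '$1 == ip { print $2; f = 1 } END { if (!f) print 0 }'
}

# Print "ip mac" for every client above the limit (argument overrides LIMIT).
over_limit() {
    limit="${1:-$LIMIT}"
    count_conns | while read -r ip n; do
        [ "$n" -gt "$limit" ] || continue
        mac=$(awk -v ip="$ip" '$1 == ip { print $4 }' "$ARP")
        echo "$ip $mac"
    done
}

# Append one DROP rule per offending MAC, skipping MACs already in the chain
# so repeated cron runs do not pile up duplicate rules.
ban() {
    over_limit | while read -r ip mac; do
        if iptables -L "$CHAIN" -n 2>/dev/null | grep -qi "$mac"; then
            continue
        fi
        iptables -A "$CHAIN" -m mac --mac-source "$mac" -j DROP
        logger "ban $ip $mac"
    done
}

# Delete every MAC-based DROP rule in the chain (the hourly reset).
unban() {
    iptables -L "$CHAIN" -n 2>/dev/null |
        awk '$1 == "DROP" { for (i = 1; i <= NF; i++) if ($i == "MAC") print $(i+1) }' |
        while read -r mac; do
            iptables -D "$CHAIN" -m mac --mac-source "$mac" -j DROP
            logger "unban $mac"
        done
}

# Constructed sample data (not a real capture): three LAN clients with 1, 3 and
# 2 entries each, one of them counted from the reply direction.
demo_setup() {
    dir=$(mktemp -d)
    cat > "$dir/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.2      0x1         0x2         aa:bb:cc:dd:ee:02     *        br-lan
192.168.1.20     0x1         0x2         aa:bb:cc:dd:ee:20     *        br-lan
192.168.1.200    0x1         0x2         aa:bb:cc:dd:ee:c8     *        br-lan
10.0.0.1         0x1         0x2         aa:bb:cc:dd:ee:ff     *        eth0.1
EOF
    cat > "$dir/conntrack" <<'EOF'
tcp 6 431999 ESTABLISHED src=192.168.1.2 dst=198.51.100.7 sport=40001 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40001 [ASSURED] use=1
tcp 6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.8 sport=40002 dport=6881 src=198.51.100.8 dst=203.0.113.5 sport=6881 dport=40002 [ASSURED] use=1
udp 17 170 src=192.168.1.20 dst=198.51.100.9 sport=6881 dport=6881 src=198.51.100.9 dst=203.0.113.5 sport=6881 dport=6881 use=1
tcp 6 100 TIME_WAIT src=198.51.100.10 dst=203.0.113.5 sport=5000 dport=6881 src=192.168.1.20 dst=198.51.100.10 sport=6881 dport=5000 use=1
tcp 6 431999 ESTABLISHED src=192.168.1.200 dst=198.51.100.7 sport=40003 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=40003 [ASSURED] use=1
udp 17 30 src=192.168.1.200 dst=198.51.100.11 sport=53000 dport=53 src=198.51.100.11 dst=203.0.113.5 sport=53 dport=53000 use=1
EOF
    ARP="$dir/arp"
    CONNTRACK="$dir/conntrack"
}

case "$1" in
    ban)   ban ;;
    unban) unban ;;
    demo)  demo_setup; count_conns ;;
esac
```

Installed as one file, the two cron lines from the post become `/etc/ban ban` and `/etc/ban unban`; `/etc/ban demo` prints the per-client counts for the constructed sample without touching iptables. The single awk pass matters on a small router: the original script reads the whole conntrack table once per client, which is exactly the moment the table is largest.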