PeerToPeer applications have become increasingly popular for sharing data, media and other files over the internet. They are designed to allow users to find the files they want on other user's computers, and to download them using a variety of optimised techniques, sometimes without any dependancy on central servers.
For a network administrator, PeerToPeer (P2P) traffic generates a number of challenges. For some, the bandwidth consumption needs controlling. Depending on local policies, it may be to limit the network usage or to prioritise it. For some, concerns about the legal ramifications of the downloading of copyright material may drive them towards logging or (in exteme cases) blocking the protocols altogether.
If a Linux firewall is to enforce these policies effectively, it must be able to identify the P2P traffic with a high degree of certainty. Sadly, the use of simple rules (such as port-number matching) will not work for many of the existing protocols, and more complex mechanisms have to be employed. One or two P2P applications are designed to be difficult to identify, or to make use of multiple (sometimes; encrypted) protocols in order to bypass firewalling restrictions.
The P2PWall project is focused on providing information and open source software to enable P2P protocols to be identified using a Linux firewall and the Netfilter/Iptables infrastructure. The project currently provides mechanisms for identifying (and blocking) the following protocols..
There are three GPL software packages provided by P2PWall..
lib/plugin/WlugLicense.php:99: Warning: Invalid argument supplied for foreach()
lib/plugin/WlugLicense.php:111: Notice: Undefined variable: ignore_authors