Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Baskakov2022-03-19 02:47:30
VPN
Dmitry Baskakov, 2022-03-19 02:47:30

How to block torrent downloads on my VPN server?

Raised VPN on wireguard. I would like to distribute access to friends, but I'm afraid that someone will forget to turn it off and will go to those sites that the server country does not understand or download torrents, which may also not understand the country in which the server is located. Plus, traffic is limited on the servers I

need. So the question is: how can I add exceptions to the VPN server? The VPN server is on Debian

At the moment I found information about the possible existence of white / black lists, but I did not find specific information from wireguard. Also, I found information about blocking through iptable, but they say that this is a controversial option. For now, it's kind of like that. I will be glad for any thinnings and options on how best to implement such a lock

. UPD 1:
A new solution to the problem:

# apt-get update
# apt-get install xtables-addons-common

# iptables -I FORWARD -p tcp -m ipp2p --bit -j DROP
# iptables -I FORWARD -p udp -m ipp2p --bit -j DROP

How good is he?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
A
AlexVWill, 2022-03-19
@dmitrybascacov

Something like this:
https://www.digitalocean.com/community/tutorials/h...
UFW is an add-on for iptable, in accessible terms, it is a Linux firewall control utility that serves to open and close incoming and outgoing ports. Read CAREFULLY, as you can screw up!!!
It is enough to leave open ports 22, 80, 443, and those ports that are used for mail, instant messengers. It won't solve it 100%, but it will help.
Keep in mind that the order of the rules is important, the rules work "from top to bottom", i.e. if there are mutually exclusive ones, the first one in the list will work.

Report
K
ky0, 2022-03-19
@ky0

Allow only the necessary ports to go outside from the vpn - HTTP (S), mail, etc. This will solve 90% of the problems.

Report
S
splintr, 2022-03-20
@splintr

We wrote about ufw above, this is a good and simple option, the main thing is to allow the ssh port (22 by default) first.
If you have not installed fail2ban yet, you must install it, even the default settings will already help protect you from bots.

Report
E
ewgenc, 2022-03-19
@ewgenc

Giving access to friends is no longer the best idea from a security point of view.

Similar questions
S
stevi-gw232020-11-30 15:11:09
How to organize a fault-tolerant VPN connection (Mikrotik)? 3Reply
L
lmao13372020-12-01 20:04:20
Why does the Internet not work without a VPN? 0Reply
A
Alexander Blagodarnov2020-12-02 18:25:47
How to connect to ikeav2 VPN on Debian 10 server? 3Reply
P
Platon Valentinovich2019-03-16 08:47:34
Program to change IP? 2Reply
F
freeSTUD2020-12-06 18:17:17
How to keep VPN statistics on Mikrotik? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question