VPN
Dmitry Baskakov, 2022-03-19 02:47:30

How to block torrent downloads on my VPN server?

I raised a VPN on WireGuard. I would like to give friends access, but I'm afraid that someone will forget to turn it off and will go to sites that the server's country does not understand, or download torrents, which the country in which the server is located may also not understand. Plus, traffic is limited on the servers I need.

So the question is: how can I add exceptions to the VPN server? The VPN server is on Debian.

At the moment I found information about the possible existence of white/black lists, but I did not find specific information for WireGuard. Also, I found information about blocking through iptables, but they say that this is a controversial option. For now, it's kind of like that. I will be glad for any thinnings and options on how best to implement such a lock.

UPD 1:
A new solution to the problem:

# apt-get update
# apt-get install xtables-addons-common

# iptables -I FORWARD -p tcp -m ipp2p --bit -j DROP
# iptables -I FORWARD -p udp -m ipp2p --bit -j DROP

How good is it?


4 answer(s)
AlexVWill, 2022-03-19
@dmitrybascacov

Something like this:
https://www.digitalocean.com/community/tutorials/h...
UFW is an add-on for iptables; in accessible terms, it is a Linux firewall control utility that serves to open and close incoming and outgoing ports. Read CAREFULLY, as you can screw up!!!
It is enough to leave open ports 22, 80, 443, and those ports that are used for mail, instant messengers. It won't solve it 100%, but it will help.
Keep in mind that the order of the rules is important, the rules work "from top to bottom", i.e. if there are mutually exclusive ones, the first one in the list will work.

ky0, 2022-03-19
@ky0

Allow only the necessary ports to go outside from the VPN - HTTP(S), mail, etc. This will solve 90% of the problems.
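
The port allowlist suggested in the answers above, sketched for forwarded VPN traffic as an added example (not part of any answer in this thread). It only prints iptables commands for review; the interface name wg0, the chain name VPN-EGRESS and the port lists are assumptions to adjust.

```shell
#!/bin/sh
# Added example: prints (does not apply) an IPv4 egress allowlist for VPN clients.
# Assumed names: interface wg0, chain VPN-EGRESS; port lists are sample choices.
WG_IF="${WG_IF:-wg0}"
CHAIN="VPN-EGRESS"
TCP_PORTS="${TCP_PORTS:-53,80,443,465,587,993}"  # DNS, web, mail submission, IMAPS
UDP_PORTS="${UDP_PORTS:-53,123,443}"             # DNS, NTP, QUIC

# Accept only comma-separated ports 1-65535, at most 15 (multiport's limit),
# so nothing unexpected ends up in the generated commands.
valid_ports() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    n=0
    for p in $(echo "$1" | tr ',' ' '); do
        [ "$p" -ge 1 ] 2>/dev/null && [ "$p" -le 65535 ] 2>/dev/null || return 1
        n=$((n + 1))
    done
    [ "$n" -le 15 ]
}

vpn_egress_rules() {
    case "$WG_IF" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    valid_ports "$TCP_PORTS" && valid_ports "$UDP_PORTS" || return 1
    # Client-to-internet packets (in via wg0, out via another interface) are
    # judged in a dedicated chain; anything not on the allowlist is logged
    # (rate-limited) and rejected. The last rule lets replies back to clients.
    cat <<EOF
iptables -N $CHAIN
iptables -A $CHAIN -p icmp -j ACCEPT
iptables -A $CHAIN -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT
iptables -A $CHAIN -p udp -m multiport --dports $UDP_PORTS -j ACCEPT
iptables -A $CHAIN -m limit --limit 6/min -j LOG --log-prefix "vpn-egress-drop: "
iptables -A $CHAIN -j REJECT --reject-with icmp-admin-prohibited
iptables -I FORWARD 1 -i $WG_IF ! -o $WG_IF -j $CHAIN
iptables -I FORWARD 1 -o $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Print the rules for review; to apply, pipe the output to "sh" as root.
vpn_egress_rules
```

Port filtering does not identify protocols, so it limits rather than eliminates P2P traffic, as the answers note. If clients also get IPv6 through the tunnel, the equivalent ip6tables rules are needed.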

splintr, 2022-03-20
@splintr

UFW was written about above; this is a good and simple option, the main thing is to allow the SSH port (22 by default) first.
If you have not installed fail2ban yet, you must install it; even the default settings will already help protect you from bots.

ewgenc, 2022-03-19
@ewgenc

Giving access to friends is no longer the best idea from a security point of view.
