
Firewall Question


Premier
05-20-2007, 12:49 PM
I copied a couple of lines of a p2p firewall on these boards a while back to limit the use of bittorrent, directconnect, gnutella, etc. There are 11 lines of code. Unfortunately I cannot copy and paste it to show you what I mean. But up to now I did not know if they were working or not. But now if I go into system reports, system information and scroll down to the bottom I can see something has happened, but I do not know what.
For example under chain POSTROUTING & under the bittorrent rule I can see 12155pkts and 1073904 bytes. What does it mean??

lonnie
05-20-2007, 01:43 PM
It means the rule has seen that many packets and bytes of traffic.
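As an added illustration of what those counters tell you (this is not code from the thread or from the router's own scripts): the per-rule pkts/bytes columns are the match counters that iptables prints for every rule, and a non-zero value means the layer7 signature has fired on at least that many packets. The script below takes a constructed sample of the listing produced by `iptables -t mangle -L POSTROUTING -v -n -x` (the sample is invented for this example; only the bittorrent figures repeat the numbers quoted above) and reports which layer7 rules have actually matched.

```shell
#!/bin/sh
# Constructed sample, not real output from anyone's router, laid out the way
# "iptables -t mangle -L POSTROUTING -v -n -x" prints the mangle chain.
SAMPLE_COUNTERS='Chain POSTROUTING (policy ACCEPT 812345 packets, 456789012 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto audiogalaxy
   12155    1073904 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto bittorrent
       0          0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto directconnect
      37       4810 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            LAYER7 l7proto edonkey'

# Print "proto pkts bytes" for every layer7 rule whose packet counter is non-zero.
# Reads the -L -v -n -x listing on stdin. The -x (--exact) flag matters: without
# it iptables abbreviates large counters (e.g. "1073K"), which breaks numeric tests.
l7_hits() {
    awk '
        /l7proto/ && $1 ~ /^[0-9]+$/ && $1 > 0 {
            for (i = 1; i <= NF; i++) if ($i == "l7proto") proto = $(i + 1)
            printf "%s %s %s\n", proto, $1, $2
        }'
}

# Number of layer7 rules that have matched at least one packet.
l7_hit_count() {
    l7_hits | wc -l | tr -d ' '
}

# On a live router you would pipe the real listing in instead (not run here):
#   iptables -t mangle -L POSTROUTING -v -n -x | l7_hits
printf '%s\n' "$SAMPLE_COUNTERS" | l7_hits
```

Running it on the sample prints `bittorrent 12155 1073904` and `edonkey 37 4810`; the two protocols with zero counters are omitted. One caveat worth keeping in mind: a counter climbing on a DROP rule in the mangle table only proves the signature recognised that traffic, not that the client's transfer was slowed or stopped, so it is a check on whether the rule is being hit, not on whether the policy is achieving its goal.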

greg
05-20-2007, 04:14 PM
If you are trying to shape/limit the bandwidth that the p2p programs use, there are lines that have to go in the CBQ script as well.

Premier
05-20-2007, 04:21 PM
I only have them in the "advanced firewall" section. Would you have a copy of the rules required for the cbq section?

greg
05-20-2007, 04:25 PM
client = "wlan1"

pipe 2000 bw 800k
pipe 2001 bw 56k

shape all to pipe 2000 from mark 100 out via $client
shape all to pipe 2000 from mark 101 out via $client
shape all to pipe 2000 from mark 102 out via $client
shape all to pipe 2000 from mark 103 out via $client
shape all to pipe 2000 from mark 104 out via $client
shape all to pipe 2000 from mark 105 out via $client

shape all to pipe 2001 from mark 100 in via $client
shape all to pipe 2001 from mark 101 in via $client
shape all to pipe 2001 from mark 102 in via $client
shape all to pipe 2001 from mark 103 in via $client
shape all to pipe 2001 from mark 104 in via $client
shape all to pipe 2001 from mark 105 in via $client

greg
05-20-2007, 04:29 PM
net = "ether1"
client = "wlan1"

iptables -A PREROUTING -t mangle -m layer7 --l7proto fasttrack -j MARK --set-mark 100
iptables -A PREROUTING -t mangle -m layer7 --l7proto bittorrent -j MARK --set-mark 101
iptables -A PREROUTING -t mangle -m layer7 --l7proto edonkey -j MARK --set-mark 102
iptables -A PREROUTING -t mangle -m layer7 --l7proto gnutella -j MARK --set-mark 103
iptables -A PREROUTING -t mangle -m layer7 --l7proto audiogalaxy -j MARK --set-mark 104
iptables -A PREROUTING -t mangle -m layer7 --l7proto bearshare -j MARK --set-mark 105

Premier
05-20-2007, 04:30 PM
I have something similar to that, but it's for customers' bandwidth.
Some are shaped to 1 meg down 256 up and 2 meg down 512 up. Is this similar to what your script would do or does it throttle the actual p2p programs?

Premier
05-20-2007, 04:36 PM
I have the below in my advanced firewall script, and that's all. Is it not enough?

##### P2P Blocking ######

iptables -A FORWARD -m ipp2p --ipp2p -j DROP

iptables -A POSTROUTING -t mangle -m layer7 --l7proto audiogalaxy -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto bittorrent -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto directconnect -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto edonkey -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto gnucleuslan -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto gnutella -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto hotline -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto mute -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto openft -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto tesla -j DROP
iptables -A POSTROUTING -t mangle -m layer7 --l7proto fasttrack -j DROP

Premier
05-21-2007, 05:19 PM
Greg is that the only script you use for p2p programs running on your network? How do you find it? I assume the bandwidth you specified is for the p2p applications to use only and not your subscribers?

greg
05-21-2007, 09:36 PM
That's what I run to throttle p2p. Yours kills it altogether. Mine limits the speed. I believe it is an AP limit. I try to severely limit the upload side. It's a very popular application and I have a blurb and some links regarding it in our TOS explaining the pitfalls. I haven't had any issues with it since putting these limits in place. Recently, I've been helping a law firm with a case and actually installed Limewire on a PC for the first time. I see what the great attraction is. I recently bumped up the download speed even though I didn't get any complaints.

Premier
05-22-2007, 04:35 PM
Well it didn't drop anything for me. Subscribers were still downloading p2p applications as hard as ever.
Do you see where you have client = "wlan1"? Should I not change the "wlan1" to "wpci1"?

greg
05-23-2007, 08:01 AM
You'd want to aim it at whatever is your gateway to the clients. It won't work otherwise.

Premier
05-31-2007, 04:56 AM
You'd want to aim it at whatever is your gateway to the clients. It won't work otherwise.
It still does not seem to work. I opened up limewire on my machine and was able to download a file at 200k! even though I had the p2p throttled down to 28k each way. Greg do you not have a problem with people opening up a lot of connections? I had a customer who had over 50 connections opened up and it brought everything down to a snail's pace until I blocked him. Surely you must have the same problem?

greg
05-31-2007, 03:18 PM
I tried regulating it through the script to no avail. Now, I just contact the offending customer directly and inquire as to what's going on. Many times it's their kids and the parents have no idea what the kids are doing. I request that it either be controlled or removed. So far, it has worked well.

greg
05-31-2007, 03:35 PM
I have the speed regulated very well but the ports are still potentially a problem.

I haven't had to deal with p2p issues for several months for whatever reason. Most of my major APs are still running on PCs and v2. I do have a policy statement on the website that explains and discourages the usage of such programs but I doubt too many have read it.

tog
06-01-2007, 06:36 AM
I don't do anything specifically to P2P. I just give the customer's overall traffic the two cbq pipes for up and down and the P2P is included in that. I often use "fb" for the "upstream" side of the connection of a customer who leaves P2P on a lot.

I haven't ever had a problem with P2P apps overrunning my CBQ limits.