Kazaa Filtering
Tom Eastep
2003-2005 Thomas M. Eastep
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
GNU Free Documentation License.
This article applies to Shorewall 3.0 and
later. If you are running a version of Shorewall earlier than Shorewall
3.0.0 then please see the documentation for that
release.
Beginning with Shorewall version 1.4.8, Shorewall can interface to
ftwall. ftwall is part of the p2pwall project and is a
user-space filter for applications based on the Fast Track
peer to peer protocol. Applications using this protocol include Kazaa,
KazaaLite, iMash and Grokster.
To filter traffic from your loc zone with ftwall, insert the following
rules in the ESTABLISHED section of the /etc/shorewall/rules file, after
any DROP or REJECT rules whose source is the loc zone.
#ACTION SOURCE DEST PROTO
QUEUE loc net tcp
QUEUE loc net udp
QUEUE loc $FW udp
Now simply configure ftwall as described in the ftwall documentation
and restart Shorewall.
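The following check is an added example, not part of the original article or of the Shorewall or ftwall projects: a shell function that reads a rules file on standard input and reports ftwall QUEUE rules that are missing, outside the ESTABLISHED section, or placed above a DROP or REJECT rule from loc. The function name check_ftwall_rules is hypothetical, and the code assumes that sections are opened by "SECTION <name>" lines, that rules before any SECTION line belong to NEW, and that the ordering requirement applies within the ESTABLISHED section.

```shell
# check_ftwall_rules: read a Shorewall rules file on stdin, report misplaced ftwall rules.
# Assumed: "SECTION <name>" lines open sections; rules before any SECTION line are NEW;
# the "after any DROP or REJECT" ordering is judged inside the ESTABLISHED section.
check_ftwall_rules() {
    awk '
    BEGIN { section = "NEW"; bad = 0; queued = 0 }
    NF == 0 || $1 ~ /^#/ { next }               # blank lines and comments
    $1 == "SECTION" { section = $2; next }
    {
        action = $1; sub(/:.*/, "", action)     # DROP:info    -> DROP
        src = $2;    sub(/:.*/, "", src)        # loc:10.0.0.5 -> loc
        dst = $3;    sub(/:.*/, "", dst)
        if (src != "loc") next
        if (action == "QUEUE" && section != "ESTABLISHED") {
            printf "line %d: QUEUE from loc is in section %s\n", NR, section
            bad = 1
        } else if (action == "QUEUE") {
            seen[dst " " tolower($4)] = 1
            queued = 1
        } else if ((action == "DROP" || action == "REJECT") &&
                   section == "ESTABLISHED" && queued) {
            printf "line %d: %s from loc follows a QUEUE rule\n", NR, action
            bad = 1
        }
    }
    END {
        n = split("net tcp,net udp,$FW udp", want, ",")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) {
                printf "missing from ESTABLISHED: QUEUE loc %s\n", want[i]
                bad = 1
            }
        exit bad
    }'
}

# Constructed sample: the REJECT from loc sits below the QUEUE rules and is reported.
check_ftwall_rules <<'EOF' || echo "rules file needs fixing"
SECTION ESTABLISHED
QUEUE   loc   net   tcp
QUEUE   loc   net   udp
QUEUE   loc   $FW   udp
REJECT  loc   net   tcp   6346
SECTION NEW
ACCEPT  loc   net   tcp   80
EOF
```

Run it as `check_ftwall_rules < /etc/shorewall/rules` before restarting Shorewall; a non-zero exit status means at least one problem was printed.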
There are ftwall init scripts for use with
SUSE and Debian Linux at
http://shorewall.net/pub/shorewall/contrib/ftwall.
Shorewall versions 2.2.0 and later also include support for the ipp2p
match facility, which can be used to control P2P traffic. See the Shorewall IPP2P documentation for details.