Monday, November 23, 2015

iptables rules for BBC IPlayer




GOAL: strict output rules to allow the use of iplayer but make it hard for other p2p programmes.



I'm relatively new to server admin and iptables. Because I can't rely on my users to behave, I've set up the OUTPUT to default to drop rather than accept.



I've opened up ports 22, 80 and 443 for my own remote access and for the users' web browsing. Now I want to allow the use of the BBC's iPlayer software. For those who don't know, this is basically p2p software for the distribution of BBC programmes (it's by the BBC so all legit.)



The BBC say to open up ports 80, 443, 947, 1948, 4000, 5000, 8888. I assume this refers to INPUT in my iptables. But what would I have to open up for OUTPUT as that's default to drop? The same ports?



When I open the relevant ports in OUTPUT, is there any way I can specify to allow only traffic for the BBC iPlayer and not, say, Azureus using standard iptables rules? I can't use stuff like -d destination as it's p2p and surely that would change.




I know ports are supposed to in a way target a programme but I know that in Azureus you can change the port number. Though I doubt my small number of users are tech savvy enough to do so, am I right in thinking it's possible to simply enter one of the BBC iPlayer ports I've opened in Azureus and start torrenting?


Answer



Any particular reason you want to allow the use of the P2P version of the iPlayer?
You could remove this problem altogether by either using the online Flash player, or using the Adobe Air client, which uses HTTP direct downloads, rather than P2P.

