I'm trying to set up a very basic egress firewall that will block all outgoing traffic except for things that I really want to pass out. Apart from usual ports like 80, 443, 53 I would like to allow torrents to be downloaded which I will queue later. The problem I'm running into is with magnet links - they are trying to open UDP connections on ports 80, 1337, 6969 and range 6881-6999 (I see those in pftop). If I allow all outgoing traffic everything works fine, but if I block everything but allow outgoing UDP traffic on those ports ktorrent can't open magnets.
Is there anything that I'm missing about magnet links? I don't see any other ports being opened when download starts (in a pass-all-out scenario).
You do understand that people will be running p2p on all kinds of ports, not just a handful. Pretty much all the high ports >1024, so if you want p2p to actually work, you're not going to be able to block outbound traffic.
Now your links might be a handful of ports, but once you get into a swarm you have no idea what port the other members of the swarm will be running their p2p clients on. It could be pretty much anything between 1024 and 65k.
I solved this. I noticed that torrent works on random high ports so I limited bandwidth on all ports except on a certain list of ports. I know that this is not a perfect solution but it's good enough.
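A pf.conf sketch of the approach in the answer above (egress default-deny, full rate for the listed ports, a throttled catch-all for the random high ports peers use), added here as an illustration and not something posted in the thread; the interface name, link speed, queue split and FreeBSD-style ALTQ syntax are assumptions:

```pf
# Added example, not from the thread. Assumes FreeBSD pf with ALTQ;
# em0, the 10Mb uplink and the 90/10 queue split are placeholder values.
ext_if = "em0"

# Ports the poster explicitly wants to let out.
tcp_ok      = "{ 80 443 }"
udp_ok      = "{ 53 }"
# UDP ports ktorrent was seen using for magnet/tracker traffic (from the question).
torrent_udp = "{ 80 1337 6969 6881:6999 }"

# Two outbound queues: full rate for known services, a small slice for
# everything else so swarm traffic on arbitrary high ports still works
# but cannot saturate the link.
altq on $ext_if cbq bandwidth 10Mb queue { q_full q_slow }
queue q_full bandwidth 90% cbq(default)
queue q_slow bandwidth 10%

set skip on lo0

# Default deny outbound, logged, so anything unexpected shows up in pflog.
block out log on $ext_if all

# pf uses last-matching-rule semantics, so the throttled catch-all goes
# first and the more specific full-rate rules below override it.
pass out on $ext_if proto { tcp udp } to any port > 1023 queue q_slow

pass out on $ext_if proto tcp to any port $tcp_ok      queue q_full
pass out on $ext_if proto udp to any port $udp_ok      queue q_full
pass out on $ext_if proto udp to any port $torrent_udp queue q_full
```

Validate with `pfctl -nf /etc/pf.conf` before loading, then use pftop (as the poster did) or `pfctl -vsq` to confirm which queue the torrent flows actually land in.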
"I noticed that torrent works on random high ports"
You noticed huh? ;) hehehehe Ok