The following Iptables rules will block all Torrent traffic on your server:

Log all torrent blocked traffic:

iptables -N LOG > /dev/null 2> /dev/null
iptables -F LOG
iptables -A LOG -j LOG --log-prefix "LOG"
iptables -A LOG -j DROP

Torrent block rules:

iptables -A FORWARD -m string --algo bm --string "BitTorrent" -j LOG
iptables -A FORWARD -m string --algo bm --string "BitTorrent protocol" -j LOG
iptables -A FORWARD -m string --algo bm --string "peer_id=" -j LOG
iptables -A FORWARD -m string --algo bm --string ".torrent" -j LOG
iptables -A FORWARD -m string --algo bm --string "announce.php?passkey=" -j LOG
iptables -A FORWARD -m string --algo bm --string "torrent" -j LOG
iptables -A FORWARD -m string --algo bm --string "announce" -j LOG
iptables -A FORWARD -m string --algo bm --string "info_hash" -j LOG

Fail2ban scans log files and bans IPs that show malicious signs, something like too many password failures and looking for the most common exploits.

Step1. Install Fail2ban on Debian

apt-get install fail2ban

Step2.  Configure Fail2ban.

You can configure Fail2Ban using the configuration files located in /etc/fail2ban/

The main config file and the most important is jail.local

In the following steps I will show you some configuration examples. You can study the Fail2ban man files later.

Step2.1 Add or modify the following line to set email destination for Fail2ban notifications:

destemail = contact@your-domain.tld Continue Reading...

You can view iptables entries by line with command:
iptables -L INPUT -n --line-numbers

root@tests:~# iptables -L INPUT -n –line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  —         tcp dpt:22
2   ACCEPT     tcp  —         tcp dpt:80
3    ACCEPT     tcp  —         tcp dpt:443
4    ACCEPT     tcp  —         tcp dpt:21
5   ACCEPT     all  —  
6   ACCEPT     all  —
7   ACCEPT     icmp —  
8   ACCEPT     all  —
9   DROP       all  —             state NE

You’ll get the list of all INPUT entries.  Look at the number on the left  then use the following command to delete :

iptables -D INPUT <<number here>>


The Spamhaus Project is one of the largest anti-spam DNS blacklist services known. Founded in 1998, Spamhaus has operations in Geneva, Switzerland, and London in addition to the 28 investigators and forensic specialists located in 8 countries. Spamhaus is a true 24 hour a day anti-spam operation. With over 60 public DNS Servers distributed across 18 countries, Spamhaus is able to serve billion of DNS requests to the world over, all free of charge. It has been estimated that 1.4 billion users mailboxes are in some way protected by The Spamhaus Project every day.

Here, I will show you a script that automatically blocks IPs blocked by Spamhaus:



echo “”
echo -n “Deleting DROP list from existing firewall…”

Continue Reading…

For more secure server, we have to close some ports to users.

If need access to this ports, we can give permission to our IP address.  Please dont forget, “iptables” can be block all IP address but when you restart the server it will be clean all of this commands.


1. Closing FTP port except

iptables -t filter -I INPUT 1 -p tcp -s ! –dport 21 -j REJECT –reject-with icmp-host-prohibited

2. Closing SSH port except

Continue Reading…