Blocking limewire

Pari Thiagasundaram Thu, 08/28/2008 - 11:57

This is kind of challenging, as P2P Gnutella uses any open TCP/UDP ports to communicate with the other P2P host.

Configuration like NBAR should help:

class-map match-any p2p
 match protocol gnutella file-transfer *

I've got this config on my fa0/0 but LimeWire is still able to download... any ideas?

class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella file-transfer "*"
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent

policy-map sdmappfwp2p_AM-firewall
 class sdm_p2p_edonkey
 class sdm_p2p_gnutella
 class sdm_p2p_kazaa
 class sdm_p2p_bittorrent

It seems from the previous posts NBAR is in use to achieve the aim of blocking or dropping Limewire traffic. The issue I/we have arrived at is that NBAR sees the traffic (at least in my case) but doesn't drop it per the policy map. From my router this AM I see this:

show ip nbar protocol-discovery
 gnutella Byte count in 1235245 Byte count out 52201940

show policy-map (on the interface in use)
 Match: protocol gnutella file-transfer "*"
  0 packets, 0 bytes
  5 minute rate 0 bps

I'm still trying to use NBAR to drop gnutella file-transfer traffic. Sadly this still isn't happening; here is the config to class and drop. Any suggestions on this config?

class-map match-any Crap
 match protocol bittorrent
 match protocol edonkey
 match protocol gnutella file-transfer "*"
 match protocol fasttrack file-transfer "*"
 match protocol h323

policy-map drop-Crap
 class Crap

interface FastEthernet0/0
 service-policy input drop-Crap
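
The comparison made in the thread (protocol discovery counts gnutella bytes while the policy's match counter stays at 0) can be scripted so the gap is flagged for every protocol at once. This Python script is an added example, not part of any post: it assumes text in the flattened form quoted above rather than full router output, its function names are hypothetical, and the sample input (including the bittorrent rows) is constructed.

```python
import re

# Constructed sample text, modelled on the excerpts quoted in the thread.
# Real router output has more columns and lines; this is an assumption.
DISCOVERY = """\
gnutella Byte count in 1235245 Byte count out 52201940
bittorrent Byte count in 0 Byte count out 0
"""

POLICY = """\
Match: protocol gnutella file-transfer "*"
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol bittorrent
0 packets, 0 bytes
5 minute rate 0 bps
"""

def discovery_bytes(text):
    """Map protocol name -> total bytes (in + out) seen by protocol discovery."""
    pat = re.compile(r"^\s*(\S+)\s+Byte count in (\d+)\s+Byte count out (\d+)", re.M)
    return {name: int(b_in) + int(b_out) for name, b_in, b_out in pat.findall(text)}

def policy_matches(text):
    """Map protocol name -> packets counted under its 'Match: protocol' line."""
    counts, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*Match: protocol (\S+)", line)
        if m:
            current = m.group(1)
            counts.setdefault(current, 0)
            continue
        m = re.match(r"\s*(\d+) packets, (\d+) bytes", line)
        if m and current:
            counts[current] += int(m.group(1))
            current = None  # only the counter line directly under the match
    return counts

def unmatched(discovery_text, policy_text):
    """Protocols that discovery has counted but the policy has never matched."""
    seen = discovery_bytes(discovery_text)
    hits = policy_matches(policy_text)
    return sorted(p for p, n in hits.items() if n == 0 and seen.get(p, 0) > 0)

if __name__ == "__main__":
    for proto in unmatched(DISCOVERY, POLICY):
        print(f"{proto}: seen by protocol discovery, 0 packets matched by policy")
```

A protocol listed here is being classified on the interface but never hitting the policy's class, which is the symptom reported above; protocols with zero traffic in both views are not flagged.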




