ipfilter.dat - Specifics of it's operation

[jonno71]

I have searched but found few details of the actual operation of ipfilter.dat

I presume it is merely operating as an inbound ACL (not outbound)?

I would like to allow outbound connections only to particular subnets. Ideally, when uTorrent retrieves the list of peer & seed IP / port pairs from the tracker, I would like it to compare these IPs with a list and only attempt outbound connections to those in the list.

Currently I am blocking with an outbound ACL on my router. Resources are wasted attempting outbound connectins to 100s of peers / seeds. If ipfilter.dat only filters inbound (or even outbound also), yet the connection attempts are still made, then it is really just operating as an ACL. That's fine for inbound connections but isn't the solution I am after.

Is this possible in uTorrent?

[Switeck]

ipfilter.dat prevents outbound connection attempts to ips in its block ranges.

[jonno71]

Does it act like an ACL by blocking the request from uTorrent or does uTorrent consult it before actually initiating the outbound connection?

[GTHK]

The .dat is loaded into µT, and if an IP is on there, µT wont attempt to contact it and it won't accept connections from it.

[jewelisheaven]

It also blocks incoming connections...... else what use would it be lol

There is no EASY way to auto-create a "database" for peer filtering. Additionally no mechanism is made by default to filter incoming connections. If someone knows your IP:PORT and INFOHASH they can connect to you. This is due to the random nature of peer responses in any given tracker response. What you're asking for is infeasible... and could even go so far as malicious. Just because someone isn't in your peerlist doesn't mean they aren't on the swarm.

[jonno71]

There may be malicious uses for this - mine however is not. I receive a download quota for a particular ranges of subnets. I'd like to limit downloads to those subnets.

"If someone knows your IP:PORT and INFOHASH they can connect to you."

I don't care outbound inbound sessions. I care outbound being initiated from my side in the first place.

I think what I am asking is quite feasible but perhaps not easy.. I'm not asking for this feature.. just curious if it exists.

GTHK'S reponse indicates that a connection attempt is never made outbound. I will check this out..

Cheers.

[jewelisheaven]

I know most of the many uses people have for ipfilter. In its current implementation yes it's not that easy. The ipfilter.dat uses a block- format aka blacklist, instead of an allow- format aka whitelist. It is this whitelist which many people on impacted ISPs/areas use for your specific case. Once you set it up you can toggle ipfilter yourself to accomodate some "free time" I presume you also get along with your quota. Is the quota separated by both time and destination?

If so you can also configure the Scheduler to help you manage your bandwidth.

[jonno71]

Cheers for the reply.

Time is not a factor.. Only subnet ranges..

I am looking for a utility or webpage to covert from the "permit" whitelist subnets I have to the "deny" subnets that ipfilter.dat requires. There are a few 1000 subnets so doing this manually will take a while.

I was looking at Blocklist Manager but it's is pretty poorly designed so can't work it out, despite it looking like it can covert from one format to another. Can you suggest any software to accomplish this?

[jewelisheaven]

Sorry no I don't use ipfilter that extensively. I know I've heard of TinyBLM or whatnot from the FAQ. I would search some... targeted searches including whitelist and blacklist would definitely get you on the right track.

[jonno71]

No worries... I'll keep looking.. Cheers.

Cant anyone else suggest software or a webpage that may be able to help?