FTwall is short for Fast Track traffic Firewall, a P2P traffic filtering script for Kazaa blocking.
Ftwall is a program for Linux firewalls that allows the control of network traffic from "Fast Track" peer-to-peer clients (like "Kazaa" and its derivatives).
It is designed to prevent Fast Track client applications running in the "home" (or "green") network from reaching any peers on the public internet. It is ideal for use in networks where the security paradigm is "open access" for outbound connections and "tightly limited" access for inbound ones. Ftwall-1 can be used in such a network to prevent outbound Fast Track access, hence preventing illegal file downloads and uploads.
Anyone familiar with the technical problems associated with controlling Fast Track clients in particular will be aware that a "home" client that establishes an "outbound" connection is immediately available to accept inbound connections through the established TCP/IP socket, even if the gateway firewall blocks all inbound connections via "normal" TCP/IP and UDP mechanisms. This is a kind of limited "tunnelling". Ftwall-1 solves this problem (and others).
Ftwall runs on Linux-based firewalls using kernel 2.4 (tested with 2.4.20) or later and iptables (tested with version 1.2.6). This combination of version numbers is the current set employed by RedHat 8.0, which is the system on which the software has been developed.
Ftwall version 1.09 is also known to run well on RedHat 9 and Fedora Core versions 1 and 2.
Ftwall runs well on the "ipcop" firewall, version 1.3.0 (GPL) with the QUEUE target and string match modules added manually. I believe that it will similarly run on Smoothwall 2 (GPL) although I have not tested this. It will NOT run on Smoothwall 1.0 since this is an "ipchains" based firewall, not an "iptables" one.
FTwall has been tested with the following P2P client applications:
Kazaa 2.1.1, 2.5-beta2, 2.5.1
Kazaa Lite 2.0.2, K++ 2.4.3
iMesh 4.1 build 132, 4.2 build 138
· Ftwall requires Linux kernel version 2.4, equipped with "iptables" and the "QUEUE" target. The "ip_string" match module of iptables is desirable, but not required.
· Ftwall works with the "current" version of the Kazaa Fast track network protocol at the time of writing (July 2004). It is possible that it will need to be re-worked if the protocols are changed in future.
· Ftwall does not block the "SOCKS PROXY" connection option of FastTrack. For a complete lock-down, the firewall must block this style of traffic.