iptables -m ipp2p --help

Пример:

 
iptables -A FORWARD -p tcp -m ipp2p --bit -j DROP      /*TCP traffic only*/
iptables -A FORWARD -p udp -m ipp2p --bit -j DROP      /*UDP traffic only*/
iptables -A FORWARD -m ipp2p --bit -j DROP             /*UDP and TCP traffic*/

iptables -A FORWARD -m ipp2p --edk --kazaa --gnu --bit --apple --dc --soul --winmx --ares -j DROP

pp2p v0.10 match options:

  --edk    [tcp,udp]  All known eDonkey/eMule/Overnet packets
  --dc     [tcp]      All known Direct Connect packets
  --kazaa  [tcp,udp]  All known KaZaA packets
  --gnu    [tcp,udp]  All known Gnutella packets
  --bit    [tcp,udp]  All known BitTorrent packets
  --apple  [tcp]      All known AppleJuice packets
  --winmx  [tcp]      All known WinMX
  --soul   [tcp]      All known SoulSeek
  --ares   [tcp]      All known Ares

EXPERIMENTAL protocols:

  --mute   [tcp]      All known Mute packets
  --waste  [tcp]      All known Waste packets
  --xdcc   [tcp]      All known XDCC packets (only xdcc login)

Для маркироски P2P трафика необходим модуль CONNMARK.
Пример для маркировки и использования:

iptables -A PREROUTING -t mangle -p tcp -j CONNMARK --restore-mark                      # ctmark -> nfmark
iptables -A PREROUTING -t mangle -p tcp -m mark ! --mark 0 -j ACCEPT                    # if mark exist nothing to do
iptables -A PREROUTING -t mangle -p tcp -m ipp2p --ipp2p -j MARK --set-mark 1           # set nfmark to 1
iptables -A PREROUTING -t mangle -m layer7 --l7proto bittorrent -j MARK --set-mark 1    # set nfmark to 1
iptables -A PREROUTING -t mangle -p tcp -m mark --mark 1 -j CONNMARK --save-mark        # nfmark -> ctmark

В результате каждый UDP и TCP пакет в содединении будет иметь метку «1». И далее соответственно:

tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle 1 fw classid 1:11
tc filter add dev eth1 parent 2:0 protocol ip prio 4 handle 1 fw classid 2:11

Перевод выдержки из документации по ipp2p модулю.