Block p2p traffic

12 posts   •   Page 1 of 1
Nanflexal
Frequent Visitor
Posts: 98
Joined: Wed Sep 16, 2009 7:34 am

Block p2p traffic

by Nanflexal » Mon May 23, 2011 12:56 pm

Guys,

how do i block p2p traffic on my RB493AH? i have very limited internet at the moment so i want to filter or block p2p traffic while i wait my dedicated internet line.

Could someone tell me where to download regexp and miktrotik firewall rules to block p2p traffic.


Thanks

TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

by TKITFrank » Mon May 23, 2011 2:01 pm

Hi,

Have a look at this topic.
viewtopic.php?t=21178
MTCNA

"I don't believe UNIX is Utopia. It's just the best set of tools around."

Nanflexal
Frequent Visitor
Posts: 98
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

by Nanflexal » Mon May 23, 2011 2:23 pm

TKITFrank wrote:Hi,

Have a look at this topic.
viewtopic.php?t=21178


Thanks for the link, but there are too many examples / firewall rules. Which ones can you recommend?


thanks

TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

by TKITFrank » Tue May 24, 2011 11:07 am

Hi,

I use these in my firewall
viewtopic.php?p=176066#p176066
viewtopic.php?p=204108#p204108

Remember that these rules use L7, so they use quite some CPU depending on traffic.

Nanflexal
Frequent Visitor
Posts: 98
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

by Nanflexal » Tue May 24, 2011 7:59 pm

TKITFrank is this your config?

Here is the config
DNS
/ip dns static
add address=127.0.0.1 disabled=no name=router.utorrent.com ttl=1d
add address=127.0.0.1 disabled=no name=dht.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vrpc.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzrpx020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzapp020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=client.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=mirror-user1.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=ip.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=jp.bitcomet.com ttl=1d
add address=127.0.0.1 disabled=no name=torrent-cache.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=inside.bitcomet.com ttl=1d
add address=127.0.0.2 disabled=no name=router.bitcomet.net ttl=1d

L7 filter
/ip firewall layer7-protocol
add comment="" name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment="" name=BITTORRENT_ANNOUNCE regexp=^get.+announce.

I use the L7 in the mangle rules combined with the normal Mikrotik p2p detection and mark them as p2p, and then I have a filter that blocks it.

This disables the normal tracker and the DHT and peer exchange.

Please try it and if you can find any way to get around it please let me know :)

p.s
You will have to disable outbound DNS queries and only allow the DNS server in the Mikrotik.
d.s



Go to the Firewall Mangle.
Create a new rule
Set it as a prerouting chain and set L7 accordingly.
Set Action Jump and Jump to target, let's say p2p-traffic
Do this for all the defined L7 filters and also for the default p2p-all

Create a new rule below
Set it as a p2p-traffic chain (you will have to enter it).
Set action to mark connection and set it to, let's say, p2p


Go to the firewall filter
I have put it on top but this is depending on your own setup.
Create new rule
Set chain to forward and connection mark to p2p, then set action to drop, or if you use jump rules set it to jump and then point to the drop rule.

I'm confused by this guide.


I also have a thread for load balancing.
viewtopic.php?f=2&t=51975
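As an added illustration (not code from the thread or from RouterOS), the Python below takes the two L7 regexps from the config above with their RouterOS export escaping undone (\\ becomes \, \? becomes ?, \$ becomes $) and runs them over constructed sample payloads, approximating the L7 matcher's case-insensitive search over the first bytes of a connection. It shows that a plain HTTP tracker announce is caught only by BITTORRENT_ANNOUNCE (the BITTORRENT pattern's scrape/announce branch requires both strings in sequence) and that BITTORRENT_ANNOUNCE also matches any GET whose URL merely contains "announce", a false positive worth knowing about before dropping on it.

```python
import re

# The two L7 patterns from the thread with RouterOS string escaping undone.
# RouterOS applies L7 regexps case-insensitively to the first packets of a
# connection; re.IGNORECASE | re.DOTALL is the closest Python analogue.
L7_PATTERNS = {
    "BITTORRENT": (
        rb"^(\x13bittorrent protocol|azver\x01$"
        rb"|get /scrape\?info_hash=get /announce\?info_hash="
        rb"|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"
    ),
    "BITTORRENT_ANNOUNCE": rb"^get.+announce.",
}
COMPILED = {name: re.compile(p, re.IGNORECASE | re.DOTALL)
            for name, p in L7_PATTERNS.items()}


def l7_matches(payload: bytes) -> list[str]:
    """Return the names of the L7 rules whose regexp matches this payload."""
    return [name for name, rx in COMPILED.items() if rx.search(payload)]


# Constructed sample payloads (not captures); hypothetical hosts and hashes.
SAMPLES = {
    # Peer-wire handshake: <19>"BitTorrent protocol"<8 reserved><info_hash><peer_id>
    "peer_handshake": b"\x13BitTorrent protocol" + b"\x00" * 8
                      + b"\x11" * 20 + b"-UT3000-" + b"\x22" * 12,
    # Bencoded DHT ping query, caught by the unanchored d1:ad2:id20: branch
    "dht_ping": b"d1:ad2:id20:" + b"\x33" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe",
    # HTTP tracker announce: not matched by BITTORRENT, only by the ANNOUNCE rule
    "tracker_announce": b"GET /announce?info_hash=%12%34&peer_id=-UT3000-abc "
                        b"HTTP/1.1\r\nHost: tracker.example\r\n\r\n",
    # Ordinary web request: matches nothing
    "plain_http": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    # Ordinary web request that BITTORRENT_ANNOUNCE over-matches (false positive)
    "announcements_page": b"GET /news/announcements.html HTTP/1.1\r\n"
                          b"Host: www.example.com\r\n\r\n",
}


def classify_samples() -> dict[str, list[str]]:
    """Map each sample label to the list of L7 rules that fire on it."""
    return {label: l7_matches(data) for label, data in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in classify_samples().items():
        print(f"{label:20s} -> {hits or ['no match']}")
```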

TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

by TKITFrank » Thu May 26, 2011 3:54 pm

That is my config, yes. Or to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?

Nanflexal
Frequent Visitor
Posts: 98
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

by Nanflexal » Mon May 30, 2011 11:34 am

TKITFrank wrote:That is my config, yes. Or to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?


Can you provide a screenshot of this part?
Go to the Firewall Mangle.
Create a new rule
Set it as a prerouting chain and set L7 accordingly.
Set Action Jump and Jump to target, let's say p2p-traffic
Do this for all the defined L7 filters and also for the default p2p-all

Create a new rule below
Set it as a p2p-traffic chain (you will have to enter it).
Set action to mark connection and set it to, let's say, p2p


Go to the firewall filter
I have put it on top but this is depending on your own setup.
Create new rule
Set chain to forward and connection mark to p2p, then set action to drop, or if you use jump rules set it to jump and then point to the drop rule.


Thanks

TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

by TKITFrank » Mon May 30, 2011 1:50 pm

Hi,

Hope this helps...

[xxxxxx@xxx.xxx.xx] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 2   chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
 3   chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers
 4   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
 5   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
 7   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
12   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=GNUTELLA
15   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=KUGOO
20   chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
21   chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
23   chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
24   chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
25   chain=prerouting action=jump jump-target=other-services connection-state=new
26   chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no


 5   ;;; Drop and log all P2P
     chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
 6   chain=forward action=log connection-mark=p2p log-prefix="P2P"
 7   chain=forward action=jump jump-target=drop connection-mark=p2p

Nanflexal
Frequent Visitor
Posts: 98
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

by Nanflexal » Tue May 31, 2011 9:55 pm

TKITFrank wrote:Hi,

Hope this helps...



Is there a way to import this config to my router?

thanks

TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

by TKITFrank » Wed Jun 01, 2011 10:14 am

Hi,

You can just type it in the terminal, but I would recommend using this as a guide only. All configurations are different, so you will have to adjust it to your setup.
The thing I would recommend is that it is high up in the mangle and filter rules to make sure no other rules interfere with it.

Hope this helps!

mktwifi
Frequent Visitor
Posts: 62
Joined: Wed Oct 15, 2008 9:45 am

Re: Block p2p traffic

by mktwifi » Wed Jun 08, 2011 11:10 am

Dear Guys!
Could you post the L7 regexp for HTTPS and EMULE please?

Thanks in advance

Best regards

TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

by TKITFrank » Thu Jun 09, 2011 10:51 am

Hi,

Here they are.

add comment="" name=EMULE regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\\
    x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59................\?[ -~]|\\x96....\$)"

add comment="" name=HTTPS regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

add comment="" name=VALIDATECRT regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)"

