
Block p2p traffic

Posted: Mon May 23, 2011 12:56 pm
by Nanflexal
Guys,

How do I block p2p traffic on my RB493AH? I have very limited internet at the moment, so I want to filter or block p2p traffic while I wait for my dedicated internet line.

Could someone tell me where to download regexp and MikroTik firewall rules to block p2p traffic.


Thanks

Re: Block p2p traffic

Posted: Mon May 23, 2011 2:01 pm
by TKITFrank

Re: Block p2p traffic

Posted: Mon May 23, 2011 2:23 pm
by Nanflexal
Thanks for the link, but there are too many example firewall rules. Which ones can you recommend?


thanks

Re: Block p2p traffic

Posted: Tue May 24, 2011 11:07 am
by TKITFrank
Hi,

I use these in my firewall
http://forum.mikrotik.com/viewtopic.php ... 66#p176066
http://forum.mikrotik.com/viewtopic.php ... 08#p204108

Remember that these rules use L7, so they use quite some CPU depending on traffic.

Re: Block p2p traffic

Posted: Tue May 24, 2011 7:59 pm
by Nanflexal
TKITFrank, is this your config?
Here is the config
DNS
/ip dns static
add address=127.0.0.1 disabled=no name=router.utorrent.com ttl=1d
add address=127.0.0.1 disabled=no name=dht.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vrpc.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzrpx020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzapp020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=client.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=mirror-user1.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=ip.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=jp.bitcomet.com ttl=1d
add address=127.0.0.1 disabled=no name=torrent-cache.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=inside.bitcomet.com ttl=1d
add address=127.0.0.2 disabled=no name=router.bitcomet.net ttl=1d

L7 filter
/ip firewall layer7-protocol
add comment="" name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment="" name=BITTORRENT_ANNOUNCE regexp=^get.+announce.

I use the L7 in the mangle rules combined with the normal Mikrotik p2p detection, mark them as p2p, and then I have a filter that blocks it.

This disables the normal tracker and the DHT and peer exchange.

Please try it and if you can find any way to get around it please let me know :)

P.S.
You will have to disable DNS queries outbound and only allow the DNS server in the Mikrotik.
d.s
Go to the Firewall Mangle.
Create a new rule
Set it as a prerouting chain and set L7 accordingly.
Set Action Jump and Jump to target, let's say p2p-traffic
Do this for all the defined L7 filters and also for the default p2p-all

Create a new rule below
Set it as a p2p-traffic chain (you will have to enter it).
Set action to mark connection and set it to, let's say, p2p


Go to the firewall filter
I have put it on top but this is depending on your own setup.
Create new rule
Set chain to forward and connection mark to p2p, Then action to drop or if you use jump rules set it to jump and then point to the drop rule.
I'm confused by this guide.


I also have a thread for load balancing.
http://forum.mikrotik.com/viewtopic.php?f=2&t=51975

Re: Block p2p traffic

Posted: Thu May 26, 2011 3:54 pm
by TKITFrank
That is my config, yes. Or, to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?

Re: Block p2p traffic

Posted: Mon May 30, 2011 11:34 am
by Nanflexal
That is my config, yes. Or, to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?
Can you provide a screenshot of this part?
Go to the Firewall Mangle.
Create a new rule
Set it as a prerouting chain and set L7 accordingly.
Set Action Jump and Jump to target, let's say p2p-traffic
Do this for all the defined L7 filters and also for the default p2p-all

Create a new rule below
Set it as a p2p-traffic chain (you will have to enter it).
Set action to mark connection and set it to, let's say, p2p


Go to the firewall filter
I have put it on top but this is depending on your own setup.
Create new rule
Set chain to forward and connection mark to p2p, Then action to drop or if you use jump rules set it to jump and then point to the drop rule.
Thanks

Re: Block p2p traffic

Posted: Mon May 30, 2011 1:50 pm
by TKITFrank
Hi,

Hope this helps...
[xxxxxx@xxx.xxx.xx] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 2   chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
 3   chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers
 4   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
 5   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
 7   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
12   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=GNUTELLA
15   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=KUGOO
20   chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
21   chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
23   chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
24   chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
25   chain=prerouting action=jump jump-target=other-services connection-state=new
26   chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no
 5   ;;; Drop and log all P2P
     chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
 6   chain=forward action=log connection-mark=p2p log-prefix="P2P"
 7   chain=forward action=jump jump-target=drop connection-mark=p2p

Re: Block p2p traffic

Posted: Tue May 31, 2011 9:55 pm
by Nanflexal
Hi,

Hope this helps...
[xxxxxx@xxx.xxx.xx] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 2   chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
 3   chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers
 4   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
 5   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
 7   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
12   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=GNUTELLA
15   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=KUGOO
20   chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
21   chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
23   chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
24   chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
25   chain=prerouting action=jump jump-target=other-services connection-state=new
26   chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no
 5   ;;; Drop and log all P2P
     chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
 6   chain=forward action=log connection-mark=p2p log-prefix="P2P"
 7   chain=forward action=jump jump-target=drop connection-mark=p2p
Is there a way to import this config to my router?

thanks

Re: Block p2p traffic

Posted: Wed Jun 01, 2011 10:14 am
by TKITFrank
Hi,

You can just type it in the terminal, but I would recommend you use this as a guide only. All configurations are different, so you will have to adjust it to your setup.
The thing I would recommend is that it is high up in the mangle and filter rules to make sure no other rules interfere with it.

Hope this helps!

Re: Block p2p traffic

Posted: Wed Jun 08, 2011 11:10 am
by mktwifi
Dear Guys!
Could you post the L7 regexp for HTTPS and EMULE please?

Thanks in advance

Best regards

Re: Block p2p traffic

Posted: Thu Jun 09, 2011 10:51 am
by TKITFrank
Hi,

Here they are.
add comment="" name=EMULE regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\\
    x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59................\?[ -~]|\\x96....\$)"

add comment="" name=HTTPS regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

add comment="" name=VALIDATECRT regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)"
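An added example, not part of the thread and not TKITFrank's code: it takes the BITTORRENT, BITTORRENT_ANNOUNCE and HTTPS regexps posted above, undoes the RouterOS CLI escaping, and runs them over constructed connection data to show which pattern fires on a BitTorrent handshake, a DHT packet, a tracker announce and TLS on a non-443 port, plus a plain web request and one that trips the loose BITTORRENT_ANNOUNCE pattern. The `would_mark_p2p` function is an assumed model of mangle rules 4, 5, 21 and 26 from the `print` output (case-insensitive matching with `.` spanning newlines is this example's approximation of the RouterOS L7 matcher; the sample payloads are constructed, not captures).

```python
import re

# The thread's L7 regexps with RouterOS CLI escaping undone:
# "\\x13" -> "\x13", "\\\?" -> "\?", "\$" -> "$".
L7_PATTERNS = {
    "BITTORRENT": (rb"^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash="
                   rb"get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)"
                   rb"|d1:ad2:id20:|\x08'7P\)[RP]"),
    "BITTORRENT_ANNOUNCE": rb"^get.+announce.",
    "HTTPS": rb"^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b)",
}
# Assumption: RouterOS L7 matches case-insensitively over the first bytes of
# both directions of a connection; "." spanning newlines approximates that.
COMPILED = {n: re.compile(p, re.IGNORECASE | re.DOTALL) for n, p in L7_PATTERNS.items()}


def l7_matches(stream: bytes) -> list:
    """Names of the L7 patterns that fire on the start of a connection."""
    return [n for n, rx in COMPILED.items() if rx.search(stream)]


def would_mark_p2p(stream: bytes, proto: str, dst_port: int, dst_is_dns: bool) -> bool:
    """Assumed model of mangle rules 4, 5, 21 and 26: jump to p2p-service (and so get
    connection-mark=p2p) when a BitTorrent pattern fires and the destination is not in
    the dns-servers list, or when TLS is seen on a TCP port other than 443."""
    hits = set(l7_matches(stream))
    if hits & {"BITTORRENT", "BITTORRENT_ANNOUNCE"} and not dst_is_dns:
        return True
    return "HTTPS" in hits and proto == "tcp" and dst_port != 443


# Constructed sample connection data (not real captures).
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"-UT3000-" + b"P" * 12
DHT_PING = b"d1:ad2:id20:" + b"N" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
ANNOUNCE = b"GET /announce?info_hash=%12%34&peer_id=-UT3000- HTTP/1.1\r\nHost: t.example\r\n\r\n"
TLS_8443 = b"\x16\x03\x01\x00\x05hello" + b"\x16\x03\x03\x00\x05world"  # client + server record
PLAIN_WEB = b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"
NEWS_PAGE = b"GET /press/announcements/ HTTP/1.1\r\nHost: www.example\r\n\r\n"  # false positive

if __name__ == "__main__":
    samples = [("handshake", HANDSHAKE), ("dht", DHT_PING), ("announce", ANNOUNCE),
               ("tls:8443", TLS_8443), ("web", PLAIN_WEB), ("news", NEWS_PAGE)]
    for name, data in samples:
        print(f"{name:10} {l7_matches(data)}")
```

The last sample shows why the thread warns to keep these rules as a guide only: `^get.+announce.` marks any HTTP request whose path contains "announce" as p2p, so check the p2p-users address list and the "P2P" log prefix for such hits before leaving the drop rule on.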