Nanflexal
Member Candidate
Topic Author
Posts: 120
Joined: Wed Sep 16, 2009 7:34 am

Block p2p traffic

Mon May 23, 2011 12:56 pm

Guys,

How do I block p2p traffic on my RB493AH? I have very limited internet at the moment, so I want to filter or block p2p traffic while I wait for my dedicated internet line.

Could someone tell me where to download regexps and MikroTik firewall rules to block p2p traffic?


Thanks
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

Mon May 23, 2011 2:01 pm

 
Nanflexal
Member Candidate
Topic Author
Posts: 120
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

Mon May 23, 2011 2:23 pm

Thanks for the link, but there are too many examples / firewall rules. Which ones can you recommend?


thanks
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

Tue May 24, 2011 11:07 am

Hi,

I use these in my firewall
http://forum.mikrotik.com/viewtopic.php ... 66#p176066
http://forum.mikrotik.com/viewtopic.php ... 08#p204108

Remember that these rules use L7, so they use quite some CPU depending on traffic.
 
Nanflexal
Member Candidate
Topic Author
Posts: 120
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

Tue May 24, 2011 7:59 pm

TKITFrank is this your config?
Here is the config
DNS
/ip dns static
add address=127.0.0.1 disabled=no name=router.utorrent.com ttl=1d
add address=127.0.0.1 disabled=no name=dht.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vrpc.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzrpx020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzapp020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=client.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=mirror-user1.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=ip.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=jp.bitcomet.com ttl=1d
add address=127.0.0.1 disabled=no name=torrent-cache.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=inside.bitcomet.com ttl=1d
add address=127.0.0.2 disabled=no name=router.bitcomet.net ttl=1d

L7 filter
/ip firewall layer7-protocol
add comment="" name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment="" name=BITTORRENT_ANNOUNCE regexp=^get.+announce.

I use the L7 in the mangle rules combined with the normal MikroTik p2p detection, mark them as p2p, and then I have a filter that blocks it.

This disables the normal tracker and the DHT and peer exchange.

Please try it and if you can find any way to get around it please let me know :)

p.s
You will have to disable outbound DNS queries and only allow the DNS server in the MikroTik.
d.s
Go to the Firewall Mangle.
Create a new rule
Set it as a prerouting chain and set L7 accordingly.
Set Action Jump and Jump to target lets say p2p-traffic
Do this for all the defined L7 filters and also for the default p2p-all

Create a new rule below
Set it as a p2p-traffic chain (you will have to enter it).
Set action to mark connection and set it to lets say p2p


Go to the firewall filter
I have put it on top but this is depending on your own setup.
Create new rule
Set chain to forward and connection mark to p2p, Then action to drop or if you use jump rules set it to jump and then point to the drop rule.
I'm confused by this guide.


I also have a thread for load balancing.
http://forum.mikrotik.com/viewtopic.php?f=2&t=51975
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

Thu May 26, 2011 3:54 pm

That is my config, yes. Or, to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?
 
Nanflexal
Member Candidate
Topic Author
Posts: 120
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

Mon May 30, 2011 11:34 am

That is my config, yes. Or, to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?
Can you provide a screenshot of this part?
Go to the Firewall Mangle.
Create a new rule
Set it as a prerouting chain and set L7 accordingly.
Set Action Jump and Jump to target lets say p2p-traffic
Do this for all the defined L7 filters and also for the default p2p-all

Create a new rule below
Set it as a p2p-traffic chain (you will have to enter it).
Set action to mark connection and set it to lets say p2p


Go to the firewall filter
I have put it on top but this is depending on your own setup.
Create new rule
Set chain to forward and connection mark to p2p, Then action to drop or if you use jump rules set it to jump and then point to the drop rule.
Thanks
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

Mon May 30, 2011 1:50 pm

Hi,

Hope this helps...
[xxxxxx@xxx.xxx.xx] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 2   chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
 3   chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers
 4   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
 5   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
 7   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
12   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=GNUTELLA
15   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=KUGOO
20   chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
21   chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
23   chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
24   chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
25   chain=prerouting action=jump jump-target=other-services connection-state=new
26   chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no
 5   ;;; Drop and log all P2P
     chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
 6   chain=forward action=log connection-mark=p2p log-prefix="P2P"
 7   chain=forward action=jump jump-target=drop connection-mark=p2p
 
Nanflexal
Member Candidate
Topic Author
Posts: 120
Joined: Wed Sep 16, 2009 7:34 am

Re: Block p2p traffic

Tue May 31, 2011 9:55 pm

Hi,

Hope this helps...
[xxxxxx@xxx.xxx.xx] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 2   chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
 3   chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers
 4   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
 5   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
 7   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
12   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=GNUTELLA
15   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=KUGOO
20   chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
21   chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
23   chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
24   chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
25   chain=prerouting action=jump jump-target=other-services connection-state=new
26   chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no
 5   ;;; Drop and log all P2P
     chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
 6   chain=forward action=log connection-mark=p2p log-prefix="P2P"
 7   chain=forward action=jump jump-target=drop connection-mark=p2p
Is there a way to import this config into my router?

thanks
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

Wed Jun 01, 2011 10:14 am

Hi,

You can just type it in the terminal, but I would recommend you use this as a guide only. All configurations are different, so you will have to adjust it to your setup.
The thing I would recommend is that it is high up in the mangle and filter rules, to make sure no other rules interfere with it.

Hope this helps!
 
mktwifi
Frequent Visitor
Posts: 81
Joined: Wed Oct 15, 2008 9:45 am

Re: Block p2p traffic

Wed Jun 08, 2011 11:10 am

Dear Guys!
Could you post the L7 regexps for HTTPS and EMULE, please?

Thanks in advance

Best regards
 
TKITFrank
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block p2p traffic

Thu Jun 09, 2011 10:51 am

Hi,

Here they are.
add comment="" name=EMULE regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\\
    x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59................\?[ -~]|\\x96....\$)"

add comment="" name=HTTPS regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

add comment="" name=VALIDATECRT regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)"
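Pulling the pieces of this thread together (the mangle print, the L7 definitions, the DNS static list and the "only allow the DNS server in the MikroTik" step), here is the same design as paste-able terminal commands. This is an added example, not TKITFrank's own export: the LAN subnet 192.168.88.0/24, the resolver addresses in the dns-servers list and the two DNS-enforcement filter rules are assumptions, the EMULE pattern is the thread's two wrapped lines joined into one, and the drop is done directly instead of jumping to a separate drop chain. Two caveats for anyone deploying it: RouterOS only inspects the first 10 packets (or first 2 KB) of a connection for L7 patterns, so connections already established when the rules are added are not re-classified, and the HTTPS rule treats any TLS handshake on a port other than 443 as P2P, so legitimate services on non-standard ports (8443 and the like) will be caught too. The DNS sinkhole only bites for clients that actually resolve through the router, which is what the last two filter rules enforce.

```routeros
# Added example, not TKITFrank's export. Address-list contents and the LAN
# subnet are placeholders; adjust them to your own network before pasting.
/ip firewall address-list
add list=local-addr address=192.168.88.0/24 comment="LAN clients (assumed subnet)"
add list=dns-servers address=8.8.8.8 comment="resolver used by the router itself (assumed)"
add list=dns-servers address=8.8.4.4 comment="resolver used by the router itself (assumed)"

# L7 signatures as posted in this thread (upstream l7-filter patterns).
# They are case-insensitive and CPU-heavy, as TKITFrank notes.
/ip firewall layer7-protocol
add name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name=BITTORRENT_ANNOUNCE regexp=^get.+announce.
add name=EMULE regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59................\?[ -~]|\\x96....\$)"
add name=HTTPS regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

# Sinkhole the tracker / DHT bootstrap hosts in the router's own resolver.
# Clients must use the router as their DNS server for this to matter.
/ip dns set allow-remote-requests=yes
/ip dns static
add address=127.0.0.1 name=router.utorrent.com ttl=1d
add address=127.0.0.1 name=dht.vuze.com ttl=1d
add address=127.0.0.1 name=vrpc.vuze.com ttl=1d
add address=127.0.0.1 name=vzrpx020.vuze.com ttl=1d
add address=127.0.0.1 name=vzapp020.vuze.com ttl=1d
add address=127.0.0.1 name=client.vuze.com ttl=1d
add address=127.0.0.1 name=mirror-user1.bitcomet.org ttl=1d
add address=127.0.0.1 name=ip.bitcomet.org ttl=1d
add address=127.0.0.1 name=jp.bitcomet.com ttl=1d
add address=127.0.0.1 name=torrent-cache.bitcomet.org ttl=1d
add address=127.0.0.1 name=inside.bitcomet.com ttl=1d
add address=127.0.0.2 name=router.bitcomet.net ttl=1d

# Mangle: every detector jumps to one chain that marks the connection once.
# passthrough=no stops the marked packet from being re-evaluated by later rules.
/ip firewall mangle
add chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
add chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
add chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
add chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp dst-port=!443 layer7-protocol=HTTPS comment="TLS on a non-443 port: catches encrypted P2P but also legitimate services"
add chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers comment="built-in matcher from the thread; omit on RouterOS versions that no longer have it"
add chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no

# Filter: record the offending client, log, drop. Move these to the top of
# the forward chain (the thread's advice) so nothing accepts the flow first.
/ip firewall filter
add chain=forward connection-mark=p2p src-address-list=local-addr action=add-src-to-address-list address-list=p2p-users address-list-timeout=4w3d
add chain=forward connection-mark=p2p action=log log-prefix="P2P"
add chain=forward connection-mark=p2p action=drop
# Enforce "DNS only via the router" (assumed rules): clients may not forward
# port 53 through the router; the router's own queries use the output chain.
add chain=forward src-address-list=local-addr protocol=udp dst-port=53 action=drop comment="clients must resolve through the router"
add chain=forward src-address-list=local-addr protocol=tcp dst-port=53 action=drop comment="clients must resolve through the router"
```

After pasting, `/ip firewall address-list print where list=p2p-users` shows which LAN hosts have been classified, and `/log print where message~"P2P"` shows the dropped flows, which is a quicker check than watching the counters. Expect to tune: the address-list timeout of 4w3d means a host stays listed long after the traffic stops, and the non-443 TLS heuristic is the first rule to revisit if users report broken applications.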
