Block p2p traffic

Guys,

How do I block P2P traffic on my RB493AH? I have very limited internet at the moment, so I want to filter or block P2P traffic while I wait for my dedicated internet line.

Could someone tell me where to download regexps and MikroTik firewall rules to block P2P traffic?


Thanks

Hi,

Have a look at this topic.
http://forum.mikrotik.com/t/how-block-connection-of-p2p/18495/1

Thanks for the link, but there are too many examples / firewall rules. Which ones can you recommend?


thanks

Hi,

I use these in my firewall
http://forum.mikrotik.com/t/how-block-connection-of-p2p/18495/5
http://forum.mikrotik.com/t/how-block-connection-of-p2p/18495/24

Remember that these rules use L7, so they use quite some CPU depending on traffic.

TKITFrank, is this your config?

Here is the config
DNS
/ip dns static
add address=127.0.0.1 disabled=no name=router.utorrent.com ttl=1d
add address=127.0.0.1 disabled=no name=dht.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vrpc.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzrpx020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=vzapp020.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=client.vuze.com ttl=1d
add address=127.0.0.1 disabled=no name=mirror-user1.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=ip.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=jp.bitcomet.com ttl=1d
add address=127.0.0.1 disabled=no name=torrent-cache.bitcomet.org ttl=1d
add address=127.0.0.1 disabled=no name=inside.bitcomet.com ttl=1d
add address=127.0.0.2 disabled=no name=router.bitcomet.net ttl=1d

L7 filter
/ip firewall layer7-protocol
# Escaping follows the RouterOS export form used later in this thread: \\x for a hex byte, \$ for a literal $, \\\? for a literal ? and \\) for a literal ).
# The scrape and announce alternatives are separated by |, as in the l7-filter bittorrent pattern this is taken from.
add comment="" name=BITTORRENT regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=|get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add comment="" name=BITTORRENT_ANNOUNCE regexp="^get.+announce."

I use the L7 in the mangle rules combined with the normal MikroTik P2P detection and mark them as p2p, and then I have a filter that blocks it.

This disables the normal tracker and the DHT and peer exchange.

Please try it, and if you can find any way to get around it, please let me know :slight_smile:

P.S.
You will have to disable outbound DNS queries and only allow the DNS server in the MikroTik.
d.s.



Go to the Firewall Mangle.
Create a new rule.
Set the chain to prerouting and set the L7 protocol accordingly.
Set the action to jump and the jump target to, let's say, p2p-traffic.
Do this for all the defined L7 filters and also for the default all-p2p.

Create a new rule below it.
Set the chain to p2p-traffic (you will have to type it in).
Set the action to mark connection and the new connection mark to, let's say, p2p.


Go to the Firewall Filter.
I have put it at the top, but this depends on your own setup.
Create a new rule.
Set the chain to forward and the connection mark to p2p, then the action to drop, or if you use jump rules, set it to jump and point it at the drop rule.

I'm confused by this guide.


I also have a thread on load balancing.
http://forum.mikrotik.com/t/how-to-setup-dual-wan-as-bonded/47291/1

That is my config, yes. Or, to be more accurate, the basics of the setup. You will have to adjust it to your setup.
Can you be more specific about what confuses you?

Can you provide a screenshot of this part?

Go to the Firewall Mangle.
Create a new rule.
Set the chain to prerouting and set the L7 protocol accordingly.
Set the action to jump and the jump target to, let's say, p2p-traffic.
Do this for all the defined L7 filters and also for the default all-p2p.

Create a new rule below it.
Set the chain to p2p-traffic (you will have to type it in).
Set the action to mark connection and the new connection mark to, let's say, p2p.


Go to the Firewall Filter.
I have put it at the top, but this depends on your own setup.
Create a new rule.
Set the chain to forward and the connection mark to p2p, then the action to drop, or if you use jump rules, set it to jump and point it at the drop rule.

Thanks

Hi,

Hope this helps…

[xxxxxx@xxx.xxx.xx] /ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 2   chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
 3   chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p dst-address-list=!dns-servers
 4   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT
 5   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=BITTORRENT_ANNOUNCE
 7   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=EMULE
12   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=GNUTELLA
15   chain=prerouting action=jump jump-target=p2p-service dst-address-list=!dns-servers layer7-protocol=KUGOO
20   chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
21   chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
23   chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
24   chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
25   chain=prerouting action=jump jump-target=other-services connection-state=new
26   chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no



 5   ;;; Drop and log all P2P
     chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
 6   chain=forward action=log connection-mark=p2p log-prefix="P2P"
 7   chain=forward action=jump jump-target=drop connection-mark=p2p

Is there a way to import this config to my router?

thanks

Hi,

You can just type it into the terminal, but I would recommend using this as a guide only. All configurations are different, so you will have to adjust it to your setup.
The thing I would recommend is that it is high up in the mangle and filter rules, to make sure no other rules interfere with it.

Hope this helps!

Dear Guys!
Could you post the L7 regexps for HTTPS and EMULE, please?

Thanks in advance

Best regards

Hi,

Here they are.

add comment="" name=EMULE regexp="^[\\xc5\\xd4\\xe3-\\xe5].\?.\?.\?.\?([\\x01\\x02\\x05\\x14\\x15\\x16\\x18\\x19\\x1a\\x1b\\x1c\\x20\\x21\\x32\\x33\\x34\\x35\\x36\\x38\\x40\\x41\\x42\\x43\\x46\\x47\\x48\\x49\\x4a\\x4b\\x4c\\x4d\\x4e\\x4f\\x50\\x51\\x52\\x53\\x54\\x55\\x56\\x57\\x58[\\x60\\x81\\x82\\x90\\x91\\x93\\x96\\x97\\x98\\x99\\x9a\\x9b\\x9c\\x9e\\xa0\\xa1\\xa2\\xa3\\xa4]|\\x59................\?[ -~]|\\x96....\$)"

add comment="" name=HTTPS regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

add comment="" name=VALIDATECRT regexp="^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)"