Block Websites and Torrents On Mikrotik 951Ui 2HnD

I know this topic has been posted several times in the forum, but it doesn't work for me. When I apply the rules either via the terminal window or via Layer 7 regexp, no success. The websites I blocked still open and torrent downloads are still going on. Please, I need help. It's my first time using a Mikrotik router.

Thanks

Can you please provide us with the settings you used?

I pasted this in winbox under layer7 protocol - regexp

regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.88.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.88.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.88.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.88.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.88.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.88.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.88.0/24 content=announce_peers action=drop comment=announce_peers_drop
add chain=forward src-address=192.168.88.0/24 p2p=all-p2p action=drop comment=p2p_drop

http://phallaccmt.blogspot.co.ke/2016/02/51-mikrotik-auto-block-torrent-bit.html
http://phallaccmt.blogspot.co.ke/2016/01/mikrotik-block-torrent-bittorrent_31.html
For websites, use OpenDNS.

Any one with the correct way to block torrent downloads on my mikrotik?

Did you get the right way?

Regarding websites, have you tried to create an access list, add URLs, then drop that access list (ROS will resolve URLs to IPs)? It's a relatively new feature in the firewall.

Hi,

Here is a config that is working for me, tested on rb750gr3, rb3011UiAS, rb951g-2hnd. I cannot remember from where I have implemented it, most likely from this forum or an outside link from a post.
It stops .torrent file downloads from the browser as well as seeding or downloading inside a torrent client (uTorrent, Vuze etc.).

1. define layer7 bit torrent regex table

/ip firewall layer7-protocol
add comment="Block Bit Torrent - tabela regex" name=layer7-bittorrent-exp regexp=\
    "^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

2. add "offender" IP to a list with timeout set to 5 minutes

/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=5m chain=forward comment="Block torrent traffic" layer7-protocol=layer7-bittorrent-exp \
    log-prefix=torr-conn src-address={lan_network_range} src-address-list=!allow-bit
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=5m chain=forward comment="Block p2p" log-prefix=torr-conn p2p=all-p2p src-address={lan_network_range} \
    src-address-list=!allow-bit



where src-address={lan_network_range} is local lan network range ( Ex.: 192.168.0.0/24 )
You can see blocked ips running command:
/ip firewall address-list print

3. drop traffic for non-standard ports ( some of them ) for ips inside Torrent-Conn list ( see 2. )

/ip firewall filter
add action=drop chain=forward dst-port=!0-1024,3389,5222,5800,5900,8291,14147,59905 protocol=tcp \
    src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=!0-1024,3389,5222,5800,5900,8291,14147,59905 protocol=udp \
    src-address-list=Torrent-Conn
add action=drop chain=forward out-interface={local-lan-interface} content="\r\nContent-Type: application/x-bittorrent" protocol=tcp src-port=80 comment=".torrent \r\nContent-Type...."



where out-interface={local-lan-interface} might be: ether2 or bridge1. For example, if on rb951g-2hnd you have ether2(master) and wlan as ports inside a bridge, named bridge1, then out-interface is bridge1

4. mark torrent traffic packets

/ip firewall mangle
add action=mark-packet chain=postrouting comment="p2p download" disabled=no layer7-protocol=layer7-bittorrent-exp new-packet-mark="p2p download" passthrough=no

5. drop torrent traffic

/ip firewall filter
add action=drop chain=forward disabled=no p2p=all-p2p
add action=drop chain=forward in-interface={WAN_interface} comment="torrent dht out magnet" content=d1:ad2:ad20 disabled=no dst-port=1025-65535 packet-size=95-190 protocol=udp
add action=drop chain=forward in-interface={WAN_interface} comment=info_hash content=info_hash disabled=no dst-port=2170,80 protocol=tcp
add action=drop chain=forward out-interface={local-lan-interface} content="\r\nContent-Type: application/x-bittorrent" protocol=tcp src-port=80 comment=".torrent \r\nContent-Type...."



where in-interface={WAN_interface} is your WAN interface ( Ex.: ether1 or pppoe-out1 )
and
out-interface={local-lan-interface} might be: ether2 or bridge1. For example, if on rb951g-2hnd you have ether2(master) and wlan as ports inside a bridge, named bridge1, then out-interface is bridge1

P.S. MOST IMPORTANT: in order to make it work, DISABLE fasttrack if you had enabled it or it has been left enabled by the default configuration! ( https://wiki.mikrotik.com/wiki/Manual:IP/Fasttrack )

Hope it helps.

kind regards,
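As an added check (my own example, written for this thread; it is not code from any poster here or from MikroTik), the script below takes the site-list regexp and the content= keywords from the first config, and the layer7-bittorrent-exp pattern plus the content= rules from the five-step config, and runs them against constructed sample payloads shaped like the opening bytes of the connections a torrent client or browser produces. The router itself is not involved: the point is to see, before loading rules, which matcher fires on a .torrent download, a peer handshake, a DHT query, a tracker announce and an HTTPS request. Assumptions: the Layer7 engine is approximated with case-insensitive matching where '.' spans line breaks, content= is approximated with a case-sensitive byte substring, the RouterOS export escaping in the bittorrent pattern is undone so Python's re sees the real pattern, and all payloads are constructed from the public BitTorrent message formats, not captured traffic.

```python
"""Dry-run the Layer7 regexes and content= keywords from this thread against
constructed payloads, to see which rule fires on which kind of traffic."""
import re

# Regexp pasted by the original poster (site-name list), joined into one line.
OP_LAYER7 = (
    rb"^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|"
    rb"torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|"
    rb"bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$"
)
# Keywords from the original poster's content= filter rules.
OP_CONTENT = [("torrent", b"torrent"), ("tracker", b"tracker"), ("getpeers", b"getpeers"),
              ("info_hash", b"info_hash"), ("announce_peers", b"announce_peers")]

# layer7-bittorrent-exp from the five-step config, with the export escaping
# (\\x13 -> \x13, \$ -> $, \\\? -> \?) undone so re sees the pattern the router uses.
BT_LAYER7 = (
    rb"^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|"
    rb"get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"
)
# content= strings from steps 3 and 5 of that config.
BT_CONTENT = [("x-bittorrent", b"\r\nContent-Type: application/x-bittorrent"),
              ("d1:ad2:ad20", b"d1:ad2:ad20"), ("info_hash", b"info_hash")]

# Assumption: approximate the Layer7 matcher as case-insensitive with '.' spanning
# newlines (it inspects the concatenated start of the connection stream).
_FLAGS = re.IGNORECASE | re.DOTALL
_OP_RE = re.compile(OP_LAYER7, _FLAGS)
_BT_RE = re.compile(BT_LAYER7, _FLAGS)

# Constructed sample payloads (not captured traffic), one per traffic type.
NODE_ID = b"N" * 20       # constructed 20-byte DHT node id
INFO_HASH = b"H" * 20     # constructed 20-byte info hash
SAMPLES = {
    # browser fetching a .torrent file from a site on the poster's list
    "torrent_file_download": b"GET /dl/linux.torrent HTTP/1.1\r\nHost: thepiratebay.invalid\r\n\r\n",
    # the web server's reply carrying the .torrent file
    "torrent_file_response": b"HTTP/1.1 200 OK\r\nContent-Type: application/x-bittorrent\r\n"
                             b"Content-Length: 3\r\n\r\nd1e",
    # BEP 3 peer handshake: 0x13, "BitTorrent protocol", 8 reserved bytes, info_hash, peer_id
    "peer_handshake": b"\x13BitTorrent protocol" + b"\x00" * 8 + INFO_HASH + b"-PY0001-" + b"p" * 12,
    # BEP 5 DHT get_peers query, bencoded, carried over UDP
    "dht_get_peers": b"d1:ad2:id20:" + NODE_ID + b"9:info_hash20:" + INFO_HASH
                     + b"e1:q9:get_peers1:t2:aa1:y1:qe",
    # HTTP tracker announce
    "tracker_announce": b"GET /announce?info_hash=%48%48&peer_id=x HTTP/1.1\r\nHost: tracker.invalid\r\n\r\n",
    # first bytes of a TLS ClientHello: the HTTP request line and path are encrypted,
    # so the site-list regexp has nothing to match
    "https_client_hello": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32,
}


def classify(payload: bytes) -> dict:
    """Return which of the thread's matchers fire on one connection's opening bytes."""
    return {
        "op_layer7": bool(_OP_RE.search(payload)),
        "op_content": [name for name, needle in OP_CONTENT if needle in payload],
        "bt_layer7": bool(_BT_RE.search(payload)),
        "bt_content": [name for name, needle in BT_CONTENT if needle in payload],
    }


def run_all(samples=SAMPLES) -> dict:
    """Classify every sample; keys are sample names, values are classify() results."""
    return {name: classify(payload) for name, payload in samples.items()}


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name:22s} {result}")
```

Reading the output side by side shows why the first config lets client traffic through: the site-list regexp and the keyword rules only fire on the browser's GET for the .torrent file, while the peer handshake and the DHT query (the traffic the torrent client itself generates) are caught only by the layer7-bittorrent-exp pattern, and an HTTPS request is invisible to all of them. It also shows that the getpeers and announce_peers keywords never see a real DHT message, whose bencoded keys are spelled get_peers and announce_peer, and that a plain tracker announce is picked up by the info_hash content= rule rather than by either regexp.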

Hello, these rules are OK, but how to prevent blocking games like Dota 2, Fortnite, etc.? My question is due to the ports which are not listed. Thanks

Hopefully 2frogs will chime in here, he can solve it using whitelists.