Torrent Rules 2017 - Limit not Block

These rules seem to be the most effective rules I could find from various posts. I do not block torrents; instead I apply heavy speed limitations for 30 minutes using Queues.

Layer 7 to identify torrent traffic

/ip firewall layer7-protocol
add name=L7-Torrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrap\
    e\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\
    \\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]" comment="TOR Layer7"

Filter rules to add offending users to an address list with a 30 min timeout

/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Add address-list-timeout=30m chain=forward comment="TOR Abusers" layer7-protocol=\
    L7-Torrent src-address=192.168.2.0/24
add action=add-src-to-address-list address-list=Torrent-Add address-list-timeout=30m chain=forward comment="TOR Abusers" p2p=all-p2p \
    src-address=192.168.2.0/24
add action=add-src-to-address-list address-list=Torrent-Add address-list-timeout=30m chain=forward comment="TOR Abusers" p2p=bit-torrent \
    src-address=192.168.2.0/24

Mangle rules to do connection marking

/ip firewall mangle
add action=mark-packet chain=forward comment="Torrent Traffic" new-packet-mark=torrent_up passthrough=no \
    src-address-list=Torrent-Add
add action=mark-packet chain=forward comment="Torrent Traffic" dst-address-list=Torrent-Add new-packet-mark=\
    torrent_down passthrough=no

The queue type that enforces a speed limit for up and download to 1k

/queue type
add kind=pcq name=QType_TOR_1k_down pcq-burst-time=5s pcq-classifier=dst-address pcq-dst-address6-mask=64 \
    pcq-limit=1KiB pcq-rate=1k pcq-src-address6-mask=64 pcq-total-limit=1KiB
add kind=pcq name=QType_TOR_1k_up pcq-burst-time=5s pcq-classifier=src-address pcq-dst-address6-mask=64 \
    pcq-limit=1KiB pcq-rate=1k pcq-src-address6-mask=64 pcq-total-limit=1KiB

Queue tree to apply the speeds from the connection marking

/queue tree
add name=QTree_Torrent_1k_up packet-mark=torrent_up parent=global priority=2 queue=QType_TOR_1k_up
add name=QTree_Torrent_1k_down packet-mark=torrent_down parent=global priority=2 queue=QType_TOR_1k_down

These are not my rules; as I mentioned, I made a combination of rules I found from different places over the internet. And so far they seem to work.

If anyone can suggest a better method or way, it would be welcomed :slight_smile:

Hi, I used these rules and found a little issue: they also block Netflix connections as well. Is there any way to exclude Netflix traffic from these rules?

Cheers,

Hi, do you have a config on how to limit only torrent download, sir? I want to allow torrent but I just want to limit it for each user to less than their max speed. Thank you!

What RouterOS version did you use?
These rules are using the p2p matcher which has been deprecated since April.

Also, even if it wasn’t deprecated, there’s no point matching all p2p in the first rule and then matching bittorrent p2p on the second rule.
Only the first p2p rule is enough.

If you turn on Protocol Encryption, this does not work anymore.

On μTorrent:
Preferences → BitTorrent → Protocol Encryption → Outgoing → Enabled or Forced

This rule is not working after the last uTorrent update :frowning:
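
What the L7-Torrent pattern from the first post can and cannot see, as an added example that is not part of any post in this thread: the Python sketch below runs the posted regex over constructed payloads to show which sources the layer7 filter rule would add to Torrent-Add. Assumptions: Python's `re` approximates the RouterOS matcher, matching is case-insensitive as in l7-filter, only the first 2 KB of a connection are inspected, and all payloads and helper names are made up for illustration.

```python
import hashlib
import re

# The thread's L7-Torrent pattern with RouterOS export escaping removed
# (\\x13 -> \x13, \$ -> $, \\\? -> \?). Copied as posted, not corrected.
L7_TORRENT = re.compile(
    rb"^(\x13bittorrent protocol|azver\x01$"
    rb"|get /scrape\?info_hash=get /announce\?info_hash="
    rb"|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]",
    re.IGNORECASE,  # assumption: case-insensitive, as in l7-filter
)
L7_WINDOW = 2048  # only the start of a connection is inspected (2 KB)


def l7_match(stream: bytes) -> bool:
    """True if the pattern occurs in the inspected start of the stream."""
    return L7_TORRENT.search(stream[:L7_WINDOW]) is not None


def filler(n: int, seed: bytes) -> bytes:
    """Deterministic random-looking bytes (stand-in for hashes/ciphertext)."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


# Constructed samples: name -> (source IP, first bytes of the connection).
SAMPLES = {
    "plaintext handshake": ("192.168.2.10",
        b"\x13BitTorrent protocol" + bytes(8) + filler(40, b"a")),
    "DHT get_peers": ("192.168.2.11",
        b"d1:ad2:id20:" + filler(20, b"b") + b"9:info_hash20:"
        + filler(20, b"c") + b"e1:q9:get_peers1:t2:aa1:y1:qe"),
    "encrypted handshake": ("192.168.2.12", filler(400, b"d")),
    "ordinary HTTP": ("192.168.2.13",
        b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
}


def listed_sources(samples: dict) -> set:
    """Source IPs the layer7-protocol filter rule would add to Torrent-Add."""
    return {ip for ip, data in samples.values() if l7_match(data)}


if __name__ == "__main__":
    for name, (ip, data) in SAMPLES.items():
        print(f"{name:20} {ip:13} match={l7_match(data)}")
    print("Torrent-Add:", sorted(listed_sources(SAMPLES)))
```

In the posted mangle rules the packet marks key on the Torrent-Add address list alone, so once a source is listed every connection from it is queued at the 1k rate until the 30-minute timeout expires, not only the connection that matched.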