Community discussions

 
loveman
Member
Member
Topic Author
Posts: 327
Joined: Tue Mar 10, 2015 9:32 pm

What is the best way to block P2P traffic

Mon Jun 06, 2016 12:07 am

Hello every one
i tired to drop P2P traffic but can't block that
below will show you the way when i tried that
/ip firewall filter add action=add-src-to-address-list address-list=P2P address-list-timeout=30m chain=forward comment="Add P2P hosts to address list" out-interface=ether1-gateway p2p=all-p2p

/ip firewall filter add action=drop chain=forward comment="Drop traffic from P2P hosts" out-interface=ether1-gateway src-address-list=P2P

but not working
how can drop p2p (p2p=all-p2p) traffic because i need to block vpn program
regards
 
User avatar
skyctgbd
just joined
Posts: 13
Joined: Thu Oct 01, 2015 3:48 pm
Location: Chittagong, Bangladesh.

Re: What is the best way to block P2P traffic

Mon Jun 06, 2016 11:16 am

/ip firewall filter
add chain=forward protocol=gre action=drop
add chain=forward protocol=tcp dst-port=1723 action=drop

i hope vpn will be off ... :D
 
tr00g33k
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Sun Mar 29, 2015 3:58 pm

Re: What is the best way to block P2P traffic

Mon Jun 06, 2016 12:21 pm

What kind of VPN connection PPtP, SSTP, vendor specific ? It depends what kind of VPN you whant to block,...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5930
Joined: Mon Jun 08, 2015 12:09 pm

Re: What is the best way to block P2P traffic

Mon Jun 06, 2016 5:03 pm

/ip firewall filter
add chain=forward protocol=gre action=drop
add chain=forward protocol=tcp dst-port=1723 action=drop

i hope vpn will be off ... :D
What you describe is PPTP which is something different from P2P.
 
loveman
Member
Member
Topic Author
Posts: 327
Joined: Tue Mar 10, 2015 9:32 pm

Re: What is the best way to block P2P traffic

Mon Jun 06, 2016 10:09 pm

/ip firewall filter
add chain=forward protocol=gre action=drop
add chain=forward protocol=tcp dst-port=1723 action=drop

i hope vpn will be off ... :D
My question to you
If you tried your method and that method true active "drop vpn program" or not working
Regards
 
User avatar
skyctgbd
just joined
Posts: 13
Joined: Thu Oct 01, 2015 3:48 pm
Location: Chittagong, Bangladesh.

Re: What is the best way to block P2P traffic

Tue Jun 07, 2016 11:20 am

This method will be drop Hotspot Shield program. i am not sure 100%, But it will be work for dropping Hotspot Shield. Must you have to use open dns in Mikrotik.
/ip firewall address-list
add address=157.56.106.0/24 disabled=no list=hotspotshield
add address=157.56.144.0/24 disabled=no list=hotspotshield
add address=198.144.116.0/24 disabled=no list=hotspotshield
add address=204.14.77.0/24 disabled=no list=hotspotshield
add address=204.14.0.0/16 disabled=no list=hotspotshield
add address=205.164.34.0/24 disabled=no list=hotspotshield
add address=209.73.0.0/16 disabled=no list=hotspotshield
add address=212.118.232.0/24 disabled=no list=hotspotshield
add address=216.172.138.0/24 disabled=no list=hotspotshield
add address=216.172.0.0/16 disabled=no list=hotspotshield
add address=46.0.0.0/8 disabled=no list=hotspotshield
add address=66.171.229.0/24 disabled=no list=hotspotshield
add address=68.68.107.0/24 disabled=no list=hotspotshield
add address=68.68.108.0/24 disabled=no list=hotspotshield
add address=69.22.168.0/24 disabled=no list=hotspotshield
add address=69.22.170.0/24 disabled=no list=hotspotshield
add address=74.115.0.0/16 disabled=no list=hotspotshieldb
add address=94.245.121.0/24 disabled=no list=hotspotshield
add address=69.22.185.0/24 disabled=no list=hotspotshield
add address=174.129.0.0/16 disabled=no list=hotspotshield
add address=216.172.135.0/24 disabled=no list=hotspotshield
add address=67.220.0.0/16 disabled=no list=hotspotshield
add address=50.0.0.0/8 disabled=no list=hotspotshieldb
add address=79.125.0.0/16 disabled=no list=hotspotshield
add address=75.101.0.0/16 disabled=no list=hotspotshield
add address=176.56.0.0/16 disabled=no list=hotspotshield
add address=54.75.0.0/16 disabled=no list=hotspotshield
add address=54.161.0.0/16 disabled=no list=hotspotshield
add address=199.188.0.0/16 disabled=no list=hotspotshield

# Now create Rules to block above address list and additional ports
/ip firewall filter
add action=drop chain=forward comment="Block_Hotspot_Shield_Addresses" disabled=no src-address-list=hotspotshield
add action=drop chain=forward comment="Block_Hotspot_Shield_Ports" disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=208.67.220.220
 
loveman
Member
Member
Topic Author
Posts: 327
Joined: Tue Mar 10, 2015 9:32 pm

Re: What is the best way to block P2P traffic

Tue Jun 07, 2016 1:39 pm

This method will be drop Hotspot Shield program. i am not sure 100%, But it will be work for dropping Hotspot Shield. Must you have to use open dns in Mikrotik.
/ip firewall address-list
add address=157.56.106.0/24 disabled=no list=hotspotshield
add address=157.56.144.0/24 disabled=no list=hotspotshield
add address=198.144.116.0/24 disabled=no list=hotspotshield
add address=204.14.77.0/24 disabled=no list=hotspotshield
add address=204.14.0.0/16 disabled=no list=hotspotshield
add address=205.164.34.0/24 disabled=no list=hotspotshield
add address=209.73.0.0/16 disabled=no list=hotspotshield
add address=212.118.232.0/24 disabled=no list=hotspotshield
add address=216.172.138.0/24 disabled=no list=hotspotshield
add address=216.172.0.0/16 disabled=no list=hotspotshield
add address=46.0.0.0/8 disabled=no list=hotspotshield
add address=66.171.229.0/24 disabled=no list=hotspotshield
add address=68.68.107.0/24 disabled=no list=hotspotshield
add address=68.68.108.0/24 disabled=no list=hotspotshield
add address=69.22.168.0/24 disabled=no list=hotspotshield
add address=69.22.170.0/24 disabled=no list=hotspotshield
add address=74.115.0.0/16 disabled=no list=hotspotshieldb
add address=94.245.121.0/24 disabled=no list=hotspotshield
add address=69.22.185.0/24 disabled=no list=hotspotshield
add address=174.129.0.0/16 disabled=no list=hotspotshield
add address=216.172.135.0/24 disabled=no list=hotspotshield
add address=67.220.0.0/16 disabled=no list=hotspotshield
add address=50.0.0.0/8 disabled=no list=hotspotshieldb
add address=79.125.0.0/16 disabled=no list=hotspotshield
add address=75.101.0.0/16 disabled=no list=hotspotshield
add address=176.56.0.0/16 disabled=no list=hotspotshield
add address=54.75.0.0/16 disabled=no list=hotspotshield
add address=54.161.0.0/16 disabled=no list=hotspotshield
add address=199.188.0.0/16 disabled=no list=hotspotshield

# Now create Rules to block above address list and additional ports
/ip firewall filter
add action=drop chain=forward comment="Block_Hotspot_Shield_Addresses" disabled=no src-address-list=hotspotshield
add action=drop chain=forward comment="Block_Hotspot_Shield_Ports" disabled=no dst-port=990,179,105,706,5245,3451,15009 protocol=tcp

/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB max-udp-packet-size=512 primary-dns=208.67.222.222 secondary-dns=208.67.220.220
Iam already block Hotspot Shield program..
But i need to block psiphon vpn?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5930
Joined: Mon Jun 08, 2015 12:09 pm

Re: What is the best way to block P2P traffic

Tue Jun 07, 2016 2:43 pm

Iam already block Hotspot Shield program..
But i need to block psiphon vpn?
Oh man you are so confusing!
You ask "What is the best way to block P2P traffic" then you need to block some
VPN, and when you get told it is a social/contract problem not a technical problem
you just start a new thread and start the confusion again!

Just make up your mind and ask what you want to ask. And read replies.
 
loveman
Member
Member
Topic Author
Posts: 327
Joined: Tue Mar 10, 2015 9:32 pm

Re: What is the best way to block P2P traffic

Tue Jun 07, 2016 3:06 pm

Iam already block Hotspot Shield program..
But i need to block psiphon vpn?
Oh man you are so confusing!
You ask "What is the best way to block P2P traffic" then you need to block some
VPN, and when you get told it is a social/contract problem not a technical problem
you just start a new thread and start the confusion again!

Just make up your mind and ask what you want to ask. And read replies.
My friend
My post to ask any one have idea to stop p2p traffic..
Why i need this? Because all program of vpn
Working with p2p traffic,, if i block that i will true for stop vpn's program,,
Then
Some one write to me here how to drop one of program's vpn like hotspot shield
I wrote him that i have idea to drop it,,
Now if you have method to drop p2p traffic and method working,, please write me here..
Regards
 
loveman
Member
Member
Topic Author
Posts: 327
Joined: Tue Mar 10, 2015 9:32 pm

Re: What is the best way to block P2P traffic

Tue Jun 07, 2016 3:11 pm

/ip firewall filter
add chain=forward protocol=gre action=drop
add chain=forward protocol=tcp dst-port=1723 action=drop

i hope vpn will be off ... :D
What you describe is PPTP which is something different from P2P.
Dear friend
Any think you have to drop p2p traffic please write here..
Thank you
 
pe1chl
Forum Guru
Forum Guru
Posts: 5930
Joined: Mon Jun 08, 2015 12:09 pm

Re: What is the best way to block P2P traffic

Tue Jun 07, 2016 3:34 pm

You lack the basic understanding of what a VPN does and what you can do.
Blocking a VPN and blocking P2P traffic to go through it are two completely different things.
And both of them are not easy to do, certainly for someone with limited network skills.

Please solve it the non-technical way. Convince your employees about the reasonability of
your requirements and else turn off the WiFi so they won't be able to abuse it anymore.

Who is online

Users browsing this forum: No registered users and 84 guests