mike456
just joined
Topic Author
Posts: 3
Joined: Wed Nov 13, 2019 9:58 am

Blocking Torrent and P2P on RouterOS 6.44 and above

Tue Dec 10, 2019 5:54 am

So I am a beginner using MikroTik products, and I have limited knowledge of them.

I am aware that today's p2p is encrypted and cannot be blocked 100% but I need to have a way to mitigate it for users in the network.
I would like to start by blocking Torrent and P2P over the network. I looked for the settings that should work closest on the current version I have but it seems it is not working. It appears that the firewall filter does not pick up on the address list and on the Layer 7 rules.

Here are the settings that I found and entered in the terminal:
1. 
/ip firewall layer7-protocol
add comment="Mikrotik Block Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bitt\
    orrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?inf\
    o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\
    RP]"

2. 
/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward layer7-protocol=\
    layer7-bittorrent-exp src-address=192.168.10.0/24 src-address-list=\
    !allow-bit
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward p2p=all-p2p src-address=\
    192.168.10.0/24 src-address-list=!allow-bit

3. 
/ip firewall filter
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
    src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \
    src-address-list=Torrent-Conn

And this is the export on my router:
add name="youtube block all" regexp="^.+(youtube.com|www.youtube.com|m.youtube.com|ytimg.com|s.ytimg.com|yti\
    mg.|.google.com|youtube.|i.google.com|googlevideo.com|youtu.be).*\$"
add comment="Block torrent traffic" name=Block-Torrents regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|\
    entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|\
    fenopy|gpirate|commonbits).*\$"
add comment="Block Bit Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bittorrent protocol|azver\\x01\$|g\
    et /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20\
    :|\\x08'7P\\)[RP]"
/ip firewall address-list
add address=192.168.10.6 disabled=yes list=PLDT
add address=192.168.10.6 list=allow_youtube
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=accept chain=input comment="PPTP Client" disabled=yes dst-port=1723 protocol=tcp
add action=drop chain=input comment="disable multicast traffic thru router" disabled=yes dst-address-type=\
    multicast
add action=accept chain=input comment="Allow limited pings" disabled=yes limit=50/5s,2:packet protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=yes protocol=icmp
add action=drop chain=input disabled=yes dst-port=53 in-interface=LAN protocol=udp
add action=drop chain=input disabled=yes dst-port=53 in-interface=LAN protocol=tcp
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners address-list-timeout=2w chain=input comment=\
    "PORTSCAN NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="PORTSCAN dropping port scanners" src-address-list=port_scanners
add action=drop chain=forward protocol=udp src-port=6995
add action=jump chain=forward comment="SYN Flood protect" connection-state=new jump-target=SYN-Protect \
    protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new limit=400,5:packet protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp tcp-flags=syn
add action=accept chain=forward disabled=yes layer7-protocol="youtube block all" log-prefix="allow youtube" \
    src-address-list=allow_youtube
add action=drop chain=forward comment="Youtube blocking for all devices on the local network" disabled=yes \
    layer7-protocol="youtube block all" log-prefix="Block youtube" src-address=192.168.10.0/24
add action=reject chain=forward comment=block_WinUp content=update.microsoft.com reject-with=\
    icmp-network-unreachable
add action=reject chain=forward comment=block_WinUp content=download.microsoft.com reject-with=\
    icmp-network-unreachable
add action=reject chain=forward comment=block_WinUp content=windowsupdate.com reject-with=\
    icmp-network-unreachable
add action=jump chain=input comment="Check Brute" dst-port=8291 jump-target=Brute protocol=tcp
add action=accept chain=Brute comment="Allow WinBox safe hosts" connection-state=new dst-port=8291 \
    protocol=tcp src-address-list=safe
add action=add-src-to-address-list address-list=wb_blacklist address-list-timeout=1w3d chain=Brute comment=\
    "WinBox brute forcers blacklisting" connection-state=new dst-port=8291 protocol=tcp src-address-list=\
    wb_stage3
add action=add-src-to-address-list address-list=wb_stage3 address-list-timeout=1m chain=Brute comment=\
    "WinBox brute forcers the third stage" connection-state=new dst-port=8291 protocol=tcp \
    src-address-list=wb_stage2
add action=add-src-to-address-list address-list=wb_stage2 address-list-timeout=1m chain=Brute comment=\
    "WinBox brute forcers the second stage" connection-state=new dst-port=8291 protocol=tcp \
    src-address-list=wb_stage1
add action=add-src-to-address-list address-list=wb_stage1 address-list-timeout=1m chain=Brute comment=\
    "WinBox brute forcers the first stage" connection-state=new dst-port=8291 protocol=tcp
add action=drop chain=Brute comment="Drop WinBox brute forcers" dst-port=8291 protocol=tcp \
    src-address-list=wb_blacklist
add action=drop chain=forward comment="conficker virus block" dst-port=135 protocol=tcp
add action=drop chain=forward comment="conficker virus block" dst-port=139 protocol=tcp
add action=drop chain=forward comment="conficker virus block" dst-port=5933 protocol=tcp
add action=drop chain=forward comment="conficker virus block" dst-port=138 protocol=udp
add action=drop chain=forward comment="conficker virus block" dst-port=5933 protocol=tcp
add action=drop chain=forward comment="conficker virus block" dst-port=137 protocol=udp
add action=drop chain=forward comment="conficker virus block" dst-port=135 protocol=udp
add action=drop chain=forward comment="ubnt exploit" dst-port=10001 protocol=tcp
add action=drop chain=forward comment="ubnt exploit" dst-port=10001 protocol=udp
add action=drop chain=forward comment="Drop Blaster Worm" dst-port=135-139 protocol=tcp
add action=drop chain=forward comment="Drop Messenger Worm" dst-port=135-139 protocol=udp
add action=drop chain=forward comment="Drop Blaster Worm" dst-port=445 protocol=tcp
add action=drop chain=forward comment="Drop Blaster Worm" dst-port=445 protocol=udp
add action=drop chain=forward comment=________ dst-port=593 protocol=tcp
add action=drop chain=forward comment=________ dst-port=1024-1030 protocol=tcp
add action=drop chain=forward comment="Drop MyDoom" dst-port=1080 protocol=tcp
add action=drop chain=forward comment=________ dst-port=1214 protocol=tcp
add action=drop chain=forward comment="ndm requester" dst-port=1363 protocol=tcp
add action=drop chain=forward comment="ndm server" dst-port=1364 protocol=tcp
add action=drop chain=forward comment="screen cast" dst-port=1368 protocol=tcp
add action=drop chain=forward comment=hromgrafx dst-port=1373 protocol=tcp
add action=drop chain=forward comment=cichlid dst-port=1377 protocol=tcp
add action=drop chain=forward comment=Worm dst-port=1433-1434 protocol=tcp
add action=drop chain=forward comment="Bagle forward" dst-port=2745 protocol=tcp
add action=drop chain=forward comment="Drop Dumaru.Y" dst-port=2283 protocol=tcp
add action=drop chain=forward comment="Drop Beagle" dst-port=2535 protocol=tcp
add action=drop chain=forward comment="Drop Beagle.C-K" dst-port=2745 protocol=tcp
add action=drop chain=forward comment="Drop MyDoom" dst-port=3127-3128 protocol=tcp
add action=drop chain=forward comment="Drop Backdoor OptixPro" dst-port=3410 protocol=tcp
add action=drop chain=forward comment=Worm dst-port=4444 protocol=tcp
add action=drop chain=forward comment=Worm dst-port=4444 protocol=udp
add action=drop chain=forward comment="Drop Sasser" dst-port=5554 protocol=tcp
add action=drop chain=forward comment="Drop Beagle.B" dst-port=8866 protocol=tcp
add action=drop chain=forward comment="Drop Dabber.A-B" dst-port=9898 protocol=tcp
add action=drop chain=forward comment="Drop Dumaru.Y" dst-port=10000 protocol=tcp
add action=drop chain=forward comment="Drop MyDoom.B" dst-port=10080 protocol=tcp
add action=drop chain=forward comment="Drop NetBus" dst-port=12345 protocol=tcp
add action=drop chain=forward comment="Drop Kuang2" dst-port=17300 protocol=tcp
add action=drop chain=forward comment="Drop SubSeven" dst-port=27374 protocol=tcp
add action=drop chain=forward comment="Drop PhatBot, Agobot, Gaobot" dst-port=65506 protocol=tcp
add action=accept chain=forward comment="Accept Established" connection-state=established
add action=accept chain=forward comment="Accept Related" layer7-protocol="youtube block all" \
    src-address-list=allow_youtube
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid
add action=accept chain=output connection-state=established
add action=accept chain=output connection-state=related
add action=drop chain=output connection-state=invalid
add action=add-src-to-address-list address-list=Bittorrent_users address-list-timeout=5m chain=forward \
    comment=Bittorrent_users disabled=yes layer7-protocol=*2
add action=drop chain=forward comment="Block torrent filter" disabled=yes layer7-protocol=Block-Torrents \
    log=yes out-interface=LAN
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward \
    disabled=yes layer7-protocol=*4 src-address=192.168.10.0/24 src-address-list=!allow-bit
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward \
    disabled=yes p2p=all-p2p src-address=192.168.10.0/24 src-address-list=allow-bit
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
    src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \
    src-address-list=Torrent-Conn
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward \
    layer7-protocol=layer7-bittorrent-exp src-address=192.168.10.0/24 src-address-list=!allow-bit
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward \
    disabled=yes layer7-protocol=layer7-bittorrent-exp src-address=192.168.10.0/24 src-address-list=\
    !allow-bit
add action=drop chain=forward disabled=yes dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=\
    tcp src-address-list=Torrent-Conn
add action=drop chain=forward disabled=yes dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=\
    udp src-address-list=Torrent-Conn
/ip firewall mangle
add action=accept chain=prerouting disabled=yes dst-address=192.168.0.0/24
add action=accept chain=prerouting disabled=yes dst-address=192.168.1.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes in-interface="Sky ether1" \
    new-connection-mark=ISP1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes in-interface=\
    "PLDT at ether2" new-connection-mark=ISP2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local \
    new-connection-mark=ISP1_conn passthrough=yes per-connection-classifier=both-addresses:2/0 src-address=\
    192.168.10.0/24
add action=mark-connection chain=prerouting connection-mark=no-mark disabled=yes dst-address-type=!local \
    new-connection-mark=ISP2_conn passthrough=yes per-connection-classifier=both-addresses:2/1 src-address=\
    192.168.10.0/24
add action=mark-routing chain=prerouting connection-mark=ISP1_conn disabled=yes new-routing-mark=to_SKY \
    passthrough=yes src-address=192.168.10.0/24
add action=mark-routing chain=prerouting connection-mark=ISP2_conn disabled=yes new-routing-mark=to_GLOBE \
    passthrough=yes src-address=192.168.10.0/24
add action=mark-routing chain=output connection-mark=ISP1_conn disabled=yes new-routing-mark=to_SKY \
    passthrough=no
add action=mark-routing chain=output connection-mark=ISP2_conn disabled=yes new-routing-mark=to_PLDT \
    passthrough=no
add action=mark-routing chain=prerouting comment="to PLDT" new-routing-mark=to_PLDT passthrough=no \
    src-address-list=PLDT
add action=accept chain=prerouting comment=">>>>> SEPARATOR (DO NOT ENABLE)" disabled=yes
add action=jump chain=prerouting comment="NEW CONNECTIONS" connection-state=new in-interface=all-ethernet \
    jump-target=crit-dnld-pr1
add action=jump chain=postrouting connection-state=new jump-target=crit-upld-pr1 out-interface=all-ethernet
add action=jump chain=prerouting jump-target=crit-dnld-pr1 port=53 protocol=udp
add action=jump chain=prerouting connection-bytes=2500000-0 connection-rate=2500-1G in-interface=\
    "Sky ether1" jump-target=beff-bulk-download protocol=tcp
add action=jump chain=prerouting connection-bytes=2500000-0 connection-rate=2500-1G in-interface=\
    "PLDT at ether2" jump-target=beff-bulk-download protocol=tcp
add action=mark-packet chain=beff-bulk-download new-packet-mark=dnld_pr8_beff passthrough=no
add action=return chain=beff-bulk-download
add action=jump chain=postrouting comment="BIG BYTES (OUT)" connection-bytes=2500000-0 connection-rate=\
    2500-1G jump-target=beff-bulk-upload out-interface="Sky ether1" protocol=tcp
add action=jump chain=postrouting connection-bytes=2500000-0 connection-rate=2500-1G jump-target=\
    beff-bulk-upload out-interface="PLDT at ether2" protocol=tcp
add action=mark-packet chain=beff-bulk-upload new-packet-mark=upld_pr8_beff passthrough=no
add action=return chain=beff-bulk-upload
add action=jump chain=prerouting in-interface="Sky ether1" jump-target=beff-http-down port=80,443 protocol=\
    tcp
add action=jump chain=prerouting in-interface="PLDT at ether2" jump-target=beff-http-down port=80,443 \
    protocol=tcp
add action=jump chain=prerouting in-interface="Sky ether1" jump-target=beff-http-down port=80,443 protocol=\
    udp
add action=jump chain=prerouting in-interface="PLDT at ether2" jump-target=beff-http-down port=80,443 \
    protocol=udp
add action=jump chain=beff-http-down connection-bytes=2500000-0 jump-target=beff-bulk-download protocol=tcp
add action=mark-packet chain=beff-http-down new-packet-mark=dnld_pr6_beff passthrough=no
add action=return chain=beff-http-down
add action=jump chain=prerouting in-interface="Sky ether1" jump-target=crit-dnld-pr2 protocol=tcp \
    tcp-flags=syn
add action=jump chain=prerouting in-interface="PLDT at ether2" jump-target=crit-dnld-pr2 protocol=tcp \
    tcp-flags=syn
add action=jump chain=postrouting jump-target=crit-upld-pr2 out-interface="Sky ether1" protocol=tcp \
    tcp-flags=syn
add action=jump chain=postrouting jump-target=crit-upld-pr2 out-interface="PLDT at ether2" protocol=tcp \
    tcp-flags=syn
add action=jump chain=forward comment="PR1 - RTP conn/packet" jump-target=crit-dnld-pr1 port=10000-20000 \
    protocol=udp
add action=jump chain=forward comment="PR1 -- FACETIME" jump-target=crit-dnld-pr2 port=5223,4080,3478 \
    protocol=tcp
add action=mark-connection chain=forward comment="DSCP 46 (VoIP)" connection-mark=no-mark dscp=46 \
    new-connection-mark=VoIP-conn passthrough=yes
add action=jump chain=prerouting comment="PR2 -- SIP (VoIP)" jump-target=crit-dnld-pr1 port=5060-5061 \
    protocol=tcp
add action=jump chain=prerouting jump-target=crit-dnld-pr1 port=5060-5061 protocol=udp
add action=mark-packet chain=beff-p2p new-packet-mark=dnld_pr8_lmtd passthrough=no
add action=return chain=beff-p2p
add action=accept chain=prerouting comment=">>>>> SEPARATOR (DO NOT ENABLE)" disabled=yes
add action=mark-packet chain=crit-dnld-pr1 new-packet-mark=dnld_pr1_crit passthrough=no
add action=return chain=crit-dnld-pr1
add action=mark-packet chain=crit-dnld-pr2 new-packet-mark=dnld_pr2_crit passthrough=no
add action=return chain=crit-dnld-pr2
add action=mark-packet chain=crit-upld-pr1 new-packet-mark=upld_pr1_crit passthrough=no
add action=return chain=crit-upld-pr1
add action=mark-packet chain=crit-upld-pr2 new-packet-mark=upld_pr2_crit passthrough=no
add action=return chain=crit-upld-pr2
add action=mark-connection chain=prerouting new-connection-mark=FACEBOOK-CONN passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting new-connection-mark=YOUTUBE-CONN passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting new-connection-mark=YOUTUBE-CONN passthrough=yes protocol=tcp
add action=mark-connection chain=forward comment=other-connection new-connection-mark=other-con \
    passthrough=yes

 
Sarel0092
newbie
Posts: 48
Joined: Tue Aug 07, 2018 8:25 am

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Tue Dec 10, 2019 3:10 pm

The following worked for me in the past:
/ip firewall layer7-protocol
add name=torrents regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|\
demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|megan\
ova|fulldls|btbot|fenopy|gpirate|commonbits|1337x|bitlord|rarbg|yts|eztv|piratebay|nya\
a|zooqle|idope|kat|torlock|demoniod|monova|toorgle|seedpeer|torrentz|rartv|ettv|bittorrent).*\$"
/ip firewall filter
add action=drop chain=forward comment="block torrents" layer7-protocol=torrents \
src-address-list=local
add action=drop chain=forward comment="block torrents - dns request" dst-port=\
53 layer7-protocol=torrents protocol=udp src-address-list=local
 
sakalsk
just joined
Posts: 5
Joined: Fri Jul 03, 2020 6:31 pm

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Sun Jul 05, 2020 4:16 pm

This is not working anymore. Tested in 07/2020 and torrents are working with no issue...

 
anav
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Sun Jul 05, 2020 4:47 pm

Since you seem unable to enforce usage of your internet, you can throttle bandwidth such that email and general browsing are accomplished but anything else is so slow that it's not palatable.
 
inteq
Member
Posts: 402
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Sun Jul 05, 2020 5:14 pm

Far from 100% but you can try a VM with pihole, intercept all DNS requests while blocking external DNS requests and use a blocklist with popular torrent trackers.
Monitor pihole queries and add the missing ones.
If this is for a business network, put HR to work. Notify employees and 1st strike you are out. (logs from pihole will help).
 
creatin
Member Candidate
Posts: 108
Joined: Sat Nov 23, 2019 2:59 am

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Mon Jul 06, 2020 3:10 pm

For me, the following works:
/ip firewall layer7-protocol
add name="Torrent sites" regexp="^.+(torrent|rarbg|thepiratebay|isohunts|enter\
    tane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitu\
    nity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|\
    fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits|d1:ad2|tracker|a\
    nnounce).*\$"
add comment="Block Torrents" name=block-torrents regexp="^(\\x13bittorrent pro\
    tocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|ge\
    t /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward comment="Torrent Block 1/4" \
    layer7-protocol=block-torrents src-address=192.168.2.0/24 \
    src-address-list=!allow-bit
# p2p matcher is obsolete please use layer7 matcher instead
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward comment="Torrent Block 2/4" p2p=\
    all-p2p src-address=192.168.2.0/24 src-address-list=!allow-bit
add action=drop chain=forward comment="Torrent Block 3/4" dst-port=\
    !0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
    src-address-list=Torrent-Conn
add action=drop chain=forward comment="Torrent Block 4/4" dst-port=\
    !0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \
    src-address-list=Torrent-Conn
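
Added example, not from any poster in this thread: the `layer7-bittorrent-exp` / `block-torrents` regexp from the posts above, run with Python's `re` against constructed payloads to show which traffic it can flag and which it cannot. The payloads, the `SPLIT` variant, the case-insensitive flag and the 2 KB inspection window are assumptions of this example.

```python
import re

# Regexp from the posts above with RouterOS string escaping removed
# (\\x13 -> \x13, \\\? -> \?, \$ -> $).
POSTED = (
    rb"^(\x13bittorrent protocol|azver\x01$"
    rb"|get /scrape\?info_hash=get /announce\?info_hash="
    rb"|get /client/bitcomet/|GET /data\?fid=)"
    rb"|d1:ad2:id20:|\x08'7P\)[RP]"
)
# Hypothetical variant: scrape and announce split into two alternatives.
SPLIT = POSTED.replace(rb"info_hash=get /announce", rb"info_hash=|get /announce")

# Assumption: the matcher is case-insensitive and only looks at the first
# 2 KB of a connection; neither is stated in the thread.
WINDOW = 2048


def l7_match(pattern: bytes, payload: bytes) -> bool:
    """True if the pattern is found inside the inspected window."""
    return re.search(pattern, payload[:WINDOW], re.IGNORECASE) is not None


# Constructed sample payloads (not captured traffic).
INFO_HASH = bytes(range(20))        # constructed 20-byte value
PEER_ID = b"-XX0001-" + b"0" * 12   # constructed 20-byte peer id

SAMPLES = {
    # Plaintext peer handshake: length byte 0x13 + protocol string.
    "tcp_handshake_plain": b"\x13BitTorrent protocol" + bytes(8) + INFO_HASH + PEER_ID,
    # Bencoded DHT query sent over UDP.
    "udp_dht_query": b"d1:ad2:id20:" + INFO_HASH + b"e1:q4:ping1:t2:aa1:y1:qe",
    # Plain HTTP tracker announce.
    "http_announce": b"GET /announce?info_hash=%00%01%02&port=6881 HTTP/1.1\r\n"
                     b"Host: tracker.example\r\n\r\n",
    # Stand-in for an encrypted session: no plaintext markers at all.
    "encrypted_stream": bytes((i * 73 + 41) % 256 for i in range(96)),
    # Marker present, but only after the inspected window.
    "payload_after_window": bytes(WINDOW) + b"d1:ad2:id20:" + INFO_HASH,
}


def evaluate(pattern: bytes) -> dict:
    """Run one pattern over every sample and return name -> matched."""
    return {name: l7_match(pattern, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    posted, split = evaluate(POSTED), evaluate(SPLIT)
    for name in SAMPLES:
        print(f"{name:22} posted={posted[name]!s:5} split={split[name]}")
```

The posted pattern flags the plaintext handshake and the DHT query but not the HTTP announce, because the scrape and announce strings form a single alternative; neither variant can match the encrypted stream.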
 
alexx88
just joined
Posts: 1
Joined: Tue May 05, 2020 9:05 am

Re: Blocking Torrent and P2P on RouterOS 6.44 and above

Wed May 12, 2021 5:57 pm

Is there a way to block torrents but not online games like COD?
