Community discussions

 
javedshotline
newbie
Topic Author
Posts: 26
Joined: Mon Jan 23, 2012 9:09 pm

Block Torrents & p2p Traffic 100% working on all versions

Thu Feb 09, 2012 11:40 pm

Asume you want to block torrent & p2p traffic on 192.168.1.0/24
replace ip according to your need



/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

& also use default rule to drop p2p traffic which alone is not working for me

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


Enjoy :)
If I helped you - Don't forget to give Karma
 
Chewers
newbie
Posts: 39
Joined: Sun Oct 23, 2011 7:41 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Fri Feb 10, 2012 3:12 pm

Yup, works fine.. Cheers
 
estdata
Frequent Visitor
Frequent Visitor
Posts: 99
Joined: Mon Feb 20, 2012 9:05 pm
Contact:

Re: Block Torrents & p2p Traffic 100% working on all version

Tue Feb 21, 2012 12:15 am

/ip firewall filter
add action=drop chain=forward comment="P2P drop " disabled=no p2p=all-p2p
add action=drop chain=forward comment="more connection closed" disabled=no
don't forget to give me karma if got help
....
 
battumur
just joined
Posts: 3
Joined: Wed Jan 18, 2012 11:14 am

Re: Block Torrents & p2p Traffic 100% working on all version

Wed Mar 21, 2012 6:22 am

Hello
How to insert following commands ?
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$

Please help me guys
 
User avatar
andressis2k
Member Candidate
Member Candidate
Posts: 104
Joined: Mon Apr 18, 2011 12:47 am

Re: Block Torrents & p2p Traffic 100% working on all version

Wed Mar 21, 2012 3:55 pm

Go tp IP > Firewall > Layer7 Protocols, add a new one and paste it there

Regards
 
battumur
just joined
Posts: 3
Joined: Wed Jan 18, 2012 11:14 am

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 3:11 am

Thank you for replay.


Can you please teach me How to add new one ?
Image
Best Regards

Battumur
 
Zebble
newbie
Posts: 42
Joined: Mon Oct 17, 2011 4:07 am

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 3:05 pm

Copy and paste the regexp into IP -> Firewall -> Layer 7 protocols, or use this export:
/ip firewall layer7-protocol
add name=torrentsites regexp="^.*(get|GET).+(torrent|\
    thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|\
    torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|\
    entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|\
    flixflux|seedpeer|fenopy|gpirate|commonbits).*\$\
    "
 
kennyolutola
just joined
Posts: 17
Joined: Mon Apr 27, 2009 11:08 am
Location: Nigeria

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 4:03 pm

thanks for this info...It worked perfectly....
 
User avatar
ulikroessin
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sat Jun 18, 2011 3:02 am
Location: Paraguay

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 6:28 pm

Hello and thank you for the information.

I have a question:
If they use it without the source-addresses it will work for the hole board if there are 3 wireless-client-cards with addresses 192.168.1.0, 192.168.2.0 and 192.168.3.0?

Or have I to write all the rules particular for each address?

Saludos

Uli
 
Zebble
newbie
Posts: 42
Joined: Mon Oct 17, 2011 4:07 am

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 6:31 pm

ulikroessin, that will depend on how you setup your firewall rules that use the layer7 protocol filter. You can specific specific addresses, or not and have everything filtered...
 
User avatar
ulikroessin
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sat Jun 18, 2011 3:02 am
Location: Paraguay

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 7:43 pm

Thank you Zebble, but...well, more exactly my question:

I have a RB 333. Eth --> modem --> www, wlan1=192.168.1.0, wlan2=192.168.2.0, wlan3=192.168.3.0
At the wlans I have clients (hotspot/usermanager).

I want that the block-rules for p2p are working at all the 3 wlans.

I write this
name=torrentsites
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$
in "ip firewall layer7-protocols".

In "ip firewall filter" I have to wirte this:
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop
...
add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop
but 3 times (with the 3 src-addresses 192.168.1.0, 192.168.2.0 and 192.168.3.0)

or I can write it so (without the src-addresses) and it will work for all the 3 wlans:

add chain=forward layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward content=torrent action=drop comment=keyword_drop
add chain=forward content=tracker action=drop comment=trackers_drop
add chain=forward content=getpeers action=drop comment=get_peers_drop
add chain=forward content=info_hash action=drop comment=info_hash_drop
add chain=forward content=announce_peers action=drop comment=announce_peers_drop
...
add chain=forward p2p=all-p2p action=drop comment=p2p_drop


The last one (default rule) I´m using so since 1 year, without src-addresses, and hope it works. But I´m not sure...

Saludos

Uli
 
User avatar
mahnet
Long time Member
Long time Member
Posts: 654
Joined: Tue Jul 07, 2009 9:11 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 8:29 pm

has someone tried it successfully
 
User avatar
ulikroessin
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sat Jun 18, 2011 3:02 am
Location: Paraguay

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Mar 22, 2012 10:12 pm

Hello again,

I try to test it and seems it works so, without addresses, but how I wrote - I´m not sure.
Here the config:
 > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; TCP Connection Limits
     chain=forward action=drop tcp-flags=syn protocol=tcp 
     src-address=1.......1.0/24 connection-limit=101,32 

 1   ;;; TCP Connection Limits
     chain=forward action=drop tcp-flags=syn protocol=tcp 
     src-address=1.......2.0/24 connection-limit=101,32 

 2   ;;; TCP Connection Limits
     chain=forward action=drop tcp-flags=syn protocol=tcp 
     src-address=1.......3.0/24 connection-limit=101,32 

 3   ;;; UDP Connection Limits
     chain=forward action=drop protocol=udp src-address=1.......1.0/24 
     connection-limit=71,32 

 4   ;;; UDP Connection Limits
     chain=forward action=drop protocol=udp src-address=1.......2.0/24 
     connection-limit=71,32 

 5   ;;; UDP Connection Limits
     chain=forward action=drop protocol=udp src-address=1.......3.0/24 
     connection-limit=71,32 

 6   ;;; Accept established connections
     chain=input action=accept connection-state=established 

 7   ;;; Accept related connections
     chain=input action=accept connection-state=related 

 8   ;;; Drop invalid connections
     chain=input action=drop connection-state=invalid 

 9   ;;; UDP
     chain=input action=accept protocol=udp 

10   ;;; p2p
     chain=forward action=drop p2p=all-p2p 

11   ;;; warez
     chain=forward action=drop p2p=warez 

12   ;;; kazaa
     chain=forward action=drop p2p=fasttrack 

13   ;;; block torrent sites
     chain=forward action=drop layer7-protocol=torrent-dns 

14   ;;; block torrent dns
     chain=forward action=drop protocol=udp layer7-protocol=torrent-dns 
     dst-port=53 

15   ;;; torrentsites
     chain=forward action=drop layer7-protocol=torrentsites 

16   ;;; keyword_drop
     chain=forward action=drop content=torrent 

17   ;;; trackers_drop
     chain=forward action=drop content=tracker 

18   ;;; get_peers_drop
     chain=forward action=drop content=getpeers 

19   ;;; info_hash_drop
     chain=forward action=drop content=info_hash 

20   ;;; announce_peers_drop
     chain=forward action=drop content=announce_peers 
And here the screenshot from the last hours:
You do not have the required permissions to view the files attached to this post.
 
battumur
just joined
Posts: 3
Joined: Wed Jan 18, 2012 11:14 am

Re: Block Torrents & p2p Traffic 100% working on all version

Fri Mar 23, 2012 5:07 am

Thanks Zebble

I would like to know how to bandwidth limit on torrent. Because my some users need to torrent.
I have 30Mb, So I wanna use 4mb to torrent .

Please help me
 
Luth
newbie
Posts: 42
Joined: Sun Jun 05, 2011 4:04 pm
Location: Italy
Contact:

Re: Block Torrents & p2p Traffic 100% working on all version

Sat Mar 24, 2012 11:48 pm

ok, but if you want to *limit* p2p traffic?

I think that some one provide internet access can't "inspect" traffic that carry out but... bandwith cost lot of money so limit this type of traffic I'think is a good compromise!

So can you try to modify the solutions you have posted to a version that limit traffic instead of blocking?

Best regards!
Luciano Talarico
TLCWEB Srl - Italy
Visit Mikrotik topics on our Linux by Myself website at linuxbms.com
 
ericsooter
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Mar 07, 2005 6:16 pm
Location: Oklahoma USA

Re: Block Torrents & p2p Traffic 100% working on all version

Fri Apr 06, 2012 10:21 pm

Hello and thank you for the information.

I have a question:
If they use it without the source-addresses it will work for the hole board if there are 3 wireless-client-cards with addresses 192.168.1.0, 192.168.2.0 and 192.168.3.0?

Or have I to write all the rules particular for each address?

Saludos

Uli
I believe if you Layer 7 filter everything it will severely impact your routers CPU. So you want to make sure you have plenty of processing capacity before you do it. So with the smaller 400 series boards, I typically just filter selected users via IP address lists.

Eric
 
farazhamzaa
Frequent Visitor
Frequent Visitor
Posts: 74
Joined: Sun Apr 01, 2012 9:31 am

Re: Block Torrents & p2p Traffic 100% working on all version

Fri Jul 06, 2012 12:37 pm

Yea this method is also working for me.

but in hotspot how can its possible for me to allow few clients to use torrent,p2p trafic. and block for remaining all others.

it is possible so?
 
dzany
just joined
Posts: 3
Joined: Sun Nov 20, 2011 11:21 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Wed Jul 18, 2012 10:48 pm

This regxp in layer7 protocol works for me, but I set up round way through socks5 server for torrenting, and it's excluded from that rule, I cannot do it to myself to block torrents to my people :) Server used for socks5 is Dante :)

Please do not use this rule in bad manner :)

^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]
 
TKITFrank
Member Candidate
Member Candidate
Posts: 236
Joined: Tue Jul 07, 2009 2:55 pm
Location: Sweden

Re: Block Torrents & p2p Traffic 100% working on all version

Thu Jul 19, 2012 6:39 am

MTCNA

"I don't believe UNIX is Utopia. It's just the best set of tools around."
 
User avatar
bysard
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Apr 22, 2010 2:53 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Wed Oct 02, 2013 1:45 pm

It seems that these rules don't work anymore.
 
lsavvaid
just joined
Posts: 2
Joined: Mon Feb 03, 2014 9:08 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Mon Feb 03, 2014 9:15 pm

/ip firewall filter
add action=drop chain=forward comment="P2P drop " disabled=no p2p=all-p2p
add action=drop chain=forward comment="more connection closed" disabled=no

this rule

add action=drop chain=forward comment="more connection closed" disabled=no


block all traffic my network ( rb433ah , bridge mode)

is correct?

the others works properly
 
lsavvaid
just joined
Posts: 2
Joined: Mon Feb 03, 2014 9:08 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Mon Feb 03, 2014 9:20 pm

/ip firewall filter
add action=drop chain=forward comment="P2P drop " disabled=no p2p=all-p2p
add action=drop chain=forward comment="more connection closed" disabled=no
this rule : add action=drop chain=forward comment="more connection closed" disabled=no

block all traffic my network (rb433ah, bridge wlan1-eth1)

is correct?

all others rules works perfect
 
joshamo
just joined
Posts: 2
Joined: Tue Jul 01, 2014 1:18 am

Re: Block Torrents & p2p Traffic 100% working on all version

Tue Jul 01, 2014 1:23 am

Hey guys! I have done this, and it works pretty great for what I needed, but I have one question. Is there a way to make it redirect to a website instead of just dropping? I want to tell all customers that it is against ToS to use torrents through a web page. Thanks
 
joshamo
just joined
Posts: 2
Joined: Tue Jul 01, 2014 1:18 am

Re: Block Torrents & p2p Traffic 100% working on all version

Tue Jul 01, 2014 1:31 am

The only problem I really see with this, is that it blocks things for keywords. Like me making this post, since it has the keywords in it, I have to use a different gateway to post.. Any idea for a way around that?
 
spaxton
Member Candidate
Member Candidate
Posts: 163
Joined: Fri Jan 01, 2010 12:18 pm

Re: Block Torrents & p2p Traffic 100% working on all version

Tue Jun 09, 2015 9:11 pm

Hey guys! I have done this, and it works pretty great for what I needed, but I have one question. Is there a way to make it redirect to a website instead of just dropping? I want to tell all customers that it is against ToS to use torrents through a web page. Thanks

great! This would be very useful!
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Thu Aug 06, 2015 11:23 am

Maybe I am wrong, but the proposed solution blocks the downloads of the .torrent files (GET) from known torrent repositories. This is of course important but not effective.
But it won't block the torrent protocol (file sharing) itself. Which is what I'd like to block, as torrent files can be exchanged via email or even through removable media.
Any idea?
 
Petzl
Member Candidate
Member Candidate
Posts: 207
Joined: Sun Jun 30, 2013 12:14 pm

Re: Block Torrents & p2p Traffic 100% working on all versions

Thu Aug 06, 2015 11:54 pm

this even blocks news sites if there is something mentioned about torrents.

this does not work if you use https
 
User avatar
dunga
Member Candidate
Member Candidate
Posts: 254
Joined: Fri Jan 23, 2009 9:51 am
Location: Nigeria

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Mar 22, 2016 1:03 pm

Asume you want to block torrent & p2p traffic on 192.168.1.0/24
replace ip according to your need



/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

& also use default rule to drop p2p traffic which alone is not working for me

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


Enjoy :)
I just copied this from somewhere in the forum, I want to integrate it with blocking downloading of .mp3, *.mp4 etc, how will I add this to the l7-layer, is this one correct cus i dont see it catching any traffic

1./ip firewall layer7-protocol
add name=streaming2 regexp="\"^.*get.+\\\\.(3gp|mov|mpe|mpeg|mpeg2|mpeg3|mpeg4|mkv|avi|flv|f4v|f4p|f4a\
|f4b|x-flv|msi|wmv|mp2|mp3|mp4|swf|rm|rmvb|vcd|pdf|dat|iso|nrg|bin|cab|vcd|ogg|wma|divx|d2v|qt|0[0-9][0-9])

2. /ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark Packet Streaming" disabled=no \
layer7-protocol=streaming new-packet-mark=streaming2 passthrough=no

You can adjust the max-limit to anything higher like 128k
3. /queue tree add name="streaming2" parent=global packet-mark=streaming2 limit-at=0 queue=default \
priority=8 max-limit=48k burst-limit=0 \
burst-threshold=0 burst-time=0s
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1651
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Mar 22, 2016 1:30 pm

today there is so many ways of using torrent, because that blocking it is a never ending work

the main reason to block torrent is because use too much bandwidth

i think there is no need to block torrent i think is better to properly identify torrent and p2p traffic to give it a lower priority and control the congestion it generates and guarantee the good performance on the other applications
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Thu Mar 24, 2016 11:32 am

I agree with chechito. The only "small problem"™ is to correctly identifying the torrent traffic.
Blocking the download of the torrent file itself is useless as torrents can be added manually from other sources.
I think that only Deep Packet Inspection can help.
Any ideas?
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1651
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Thu Mar 24, 2016 5:43 pm

I agree with chechito. The only "small problem"™ is to correctly identifying the torrent traffic.
Blocking the download of the torrent file itself is useless as torrents can be added manually from other sources.
I think that only Deep Packet Inspection can help.
Any ideas?
in my case i have identified torrent traffic by discard, detecting another protocols and services usually leave me with torrent on the "unclassified" part of the traffic leaving it with low priority
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Thu Mar 24, 2016 7:54 pm

in my case i have identified torrent traffic by discard
Do you mean "everything else" (everything but HTTP, HTTPS, SSH, SMTPS, IMAP4S POP3S..) is considered torrent?
If so, which protocols are you considering?
If not, please elaborate.
As I cannot really block P2P in general, I am trying to throttle "everything else".
The problem is that outgoing P2P can also go to TCP:80, TCP:443, TCP:53 and UDP:53 and so on...
In these cases throttling wouldn't apply. And this is why I am talking about DPI.
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1651
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Fri Mar 25, 2016 2:46 am

in my case i have identified torrent traffic by discard
Do you mean "everything else" (everything but HTTP, HTTPS, SSH, SMTPS, IMAP4S POP3S..) is considered torrent?
If so, which protocols are you considering?
If not, please elaborate.
As I cannot really block P2P in general, I am trying to throttle "everything else".
The problem is that outgoing P2P can also go to TCP:80, TCP:443, TCP:53 and UDP:53 and so on...
In these cases throttling wouldn't apply. And this is why I am talking about DPI.
people are using 80 and 443 and 53 or another well known ports because of the blocking, because that is better to throttle than blocking

and with throttle im referencing to give the torrent the possibility of using all the spare bandwidth not throttling it to a ridiculous speeds

Is not perfect but it works in many cases and its free

if some one need better detection of P2P is better to go with an expensive fortigate or another UTM and pay the expensive annual license fee

for example

fortigate 80d recommended for 65mbps of wan channel cost ~750US without services, and ~1.740US with 3 year service subscription that is ~330 US per year of subscription

fortigate 200d recommended for 150mbps of wan channel cost ~2.300US without services, and ~5.200US with 3 year service subscription that is ~960 US per year of subscription

fortigate 600d recommended for 1.100mbps of wan channel cost ~8.000US without services, and ~17.840US with 3 year service subscription that is ~3.280 US per year of subscription

fortigate 1500d recommended for 2.300mbps of wan channel cost ~30.000US without services, and ~66.900US with 3 year service subscription that is ~12.300 US per year of subscription

fortigate 3000d recommended for 6.000mbps of wan channel cost ~60.000US without services, and ~133.800US with 3 year service subscription that is ~24.600 US per year of subscription
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Fri Mar 25, 2016 8:17 am

in my case i have identified torrent traffic by discard
Do you mean "everything else" (everything but HTTP, HTTPS, SSH, SMTPS, IMAP4S POP3S..) is considered torrent?
If so, which protocols are you considering?
If not, please elaborate.
As I cannot really block P2P in general, I am trying to throttle "everything else".
The problem is that outgoing P2P can also go to TCP:80, TCP:443, TCP:53 and UDP:53 and so on...
In these cases throttling wouldn't apply. And this is why I am talking about DPI.
people are using 80 and 443 and 53 or another well known ports because of the blocking, because that is better to throttle than blocking

and with throttle im referencing to give the torrent the possibility of using all the spare bandwidth not throttling it to a ridiculous speeds

Is not perfect but it works in many cases and its free

if some one need better detection of P2P is better to go with an expensive fortigate or another UTM and pay the expensive annual license fee

for example

fortigate 80d recommended for 65mbps of wan channel cost ~750US without services, and ~1.740US with 3 year service subscription that is ~330 US per year of subscription

fortigate 200d recommended for 150mbps of wan channel cost ~2.300US without services, and ~5.200US with 3 year service subscription that is ~960 US per year of subscription

fortigate 600d recommended for 1.100mbps of wan channel cost ~8.000US without services, and ~17.840US with 3 year service subscription that is ~3.280 US per year of subscription

fortigate 1500d recommended for 2.300mbps of wan channel cost ~30.000US without services, and ~66.900US with 3 year service subscription that is ~12.300 US per year of subscription

fortigate 3000d recommended for 6.000mbps of wan channel cost ~60.000US without services, and ~133.800US with 3 year service subscription that is ~24.600 US per year of subscription
So, was I right?
I mean, do you simply throttle "everything else" but a bunch of "well known useful protocols"?
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 1651
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Fri Mar 25, 2016 5:15 pm

So, was I right?
I mean, do you simply throttle "everything else" but a bunch of "well known useful protocols"?
yes i priorize traffic in this order:

tcp ack packets, dns, icmp, udp traffic whit characteristics matching most voip and gaming apps, vpns, rdp, http small traffic connections, http big traffic connections, mail connections, other udp tcp small traffic connections.

the remaining traffic are other tcp and udp connections with big traffic, torrent transfer get on this category
 
loveman
Member
Member
Posts: 311
Joined: Tue Mar 10, 2015 9:32 pm

Re: Block Torrents & p2p Traffic 100% working on all versions

Sun Jun 05, 2016 11:27 pm

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


not working
buz i need to drop "psiphon vpn" from server ,,

how can drop that p2p buz drop vpn?
 
djeniuss
just joined
Posts: 3
Joined: Tue Feb 07, 2017 2:07 pm

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Feb 07, 2017 2:32 pm

I have tried all the methods posted above and torrents still download.I am new to Mikrotik. Please help
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Feb 07, 2017 3:01 pm

I started by dropping all incoming TCP and UDP traffic (all of it) but those services that go to DMZ.
So there's no traffic going to LAN, which means "low ID" in the P2P lingo.

Then I started throttling (I'd like to drop, actually) all outgoing traffic from LAN with UDP ports other than 53 (DNS) and 123 (NTP) and TCP ports higher than 1023.

My situation is much better now, while still not completely closing P2 traffic.
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
fiery2
just joined
Posts: 5
Joined: Sat Jun 03, 2017 7:48 pm

Re: Block Torrents & p2p Traffic 100% working on all versions

Sun Nov 12, 2017 4:26 am

This thread is somewhat old but gold.
On theory,wouldnt it any better if we throthle or drop connection exceed certain threshold?
Afterall,nobody but the most determined user would download torrent with low seed/peer per downloaded file?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1238
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Block Torrents & p2p Traffic 100% working on all versions

Sun Nov 12, 2017 9:40 am

You can throttle download traffic, but you cant separate download from a web site and download from a p2p site, so you would throttle all download.
When p2p traffic is encrypted, it blends inn to normal traffic.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Sun Nov 12, 2017 10:14 am

The torrent file download is not the torrent traffic.
I don't really mind about downloading torrent files: they can be a few megs, even a dozen, and then it's done.
Torrent traffic is about large movies (from a few gigas to a hundred), mostly all pirated contents.
And you can bring torrent files into the network with (s)ftp, email, chat, https and so on, not just HTTP.
The L7 matcher can be defied by E2E cryptography, so only TCP and UDP ports remain to be used.
I still think my approach is the one that can reliably give some results. Even if they won't really block torrent and other p2p traffic.
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
shiyarrohit
just joined
Posts: 1
Joined: Mon Mar 26, 2018 5:13 pm

Re: Block Torrents & p2p Traffic 100% working on all versions

Mon Mar 26, 2018 5:27 pm

Its Not Working IN mikrotik modelno. CCR1072-1G-8S+ FIRMWARE :6.41.3

PLEASE HELP

Asume you want to block torrent & p2p traffic on 192.168.1.0/24
replace ip according to your need



/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

& also use default rule to drop p2p traffic which alone is not working for me

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


Enjoy :)
 
noemie
just joined
Posts: 10
Joined: Wed Apr 11, 2018 3:23 pm
Location: France

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 10:41 am

Hi!
I followed your tutorial and it's perectly work on my router ! Thank you a lot !
(I work for a small french ISP and we receive letters from Hadopi, so we are searching a solution to limit the illegal download ^^ )

I have a question, maybe it will sounds stupid for you, but this code :
/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$
Can we complete it with another "keyword", another website name ?
Is it this ? A sort of list of torrent sites names ?


Thank you again !
Noémie

PS : sorry for my bad english, I'm french :)
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 11:07 am

Hi!
I followed your tutorial and it's perectly work on my router ! Thank you a lot !
(I work for a small french ISP and we receive letters from Hadopi, so we are searching a solution to limit the illegal download ^^ )

I have a question, maybe it will sounds stupid for you, but this code :
/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|

thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|

torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|

entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|

flixflux|seedpeer|fenopy|gpirate|commonbits).*$
Can we complete it with another "keyword", another website name ?
Is it this ? A sort of list of torrent sites names ?


Thank you again !
Noémie

PS : sorry for my bad english, I'm french :)
This will only block the download of a torrent file, not the torrent traffic itself.
Try to first download the torrent file, then enable the rules and finally ask your torrent client to load the torrent file to start the p2p exchange.
You will see the p2p traffic bidirectionally flowing unimpeded!

P.S.
I am even more sorry for my english: I am Italian! ;-)
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
noemie
just joined
Posts: 10
Joined: Wed Apr 11, 2018 3:23 pm
Location: France

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 12:28 pm

This will only block the download of a torrent file, not the torrent traffic itself.
Try to first download the torrent file, then enable the rules and finally ask your torrent client to load the torrent file to start the p2p exchange.
You will see the p2p traffic bidirectionally flowing unimpeded!
Hi!
I don't want to block it (we can't ! Because gaming used p2p, for example, and it's perfectly legal) !
I just want to identify the customers who try to download and then, limits their bandwhidth, send them an email, things like that !
P.S.
I am even more sorry for my english: I am Italian! ;-)
Hello from France ;)
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 1:29 pm

This will only block the download of a torrent file, not the torrent traffic itself.
Try to first download the torrent file, then enable the rules and finally ask your torrent client to load the torrent file to start the p2p exchange.
You will see the p2p traffic bidirectionally flowing unimpeded!
Hi!
I don't want to block it (we can't ! Because gaming used p2p, for example, and it's perfectly legal) !
I just want to identify the customers who try to download and then, limits their bandwhidth, send them an email, things like that !
P.S.
I am even more sorry for my english: I am Italian! ;-)
Hello from France ;)
Well, the OP titled this thread as "Block Torrents & p2p Traffic 100% working" so I thought the topic was still sticking.
Anyway, blocking the download of torrent files alone from a selected set or URLs sounds to me like a waste of time as you can download them throug POP3, IMAP4, FTP and so on. Those won't be blocked.
Anyway, you are right. P2P (DHT) is being used for a number of purposes that cannot easily be told apart from each other.
I think now this thread title is misleading for two reasons:
1. you cannot block (real) P2P traffic based upon specific usage (lawful vs unlawful)
2. the proposed solution doesn't "Block Torrents & p2p Traffic" at all.

Rule, Europa! Rule the waves!
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
noemie
just joined
Posts: 10
Joined: Wed Apr 11, 2018 3:23 pm
Location: France

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 5:23 pm

Anyway, you are right. P2P (DHT) is being used for a number of purposes that cannot easily be told apart from each other.
I think now this thread title is misleading for two reasons:
1. you cannot block (real) P2P traffic based upon specific usage (lawful vs unlawful)
2. the proposed solution doesn't "Block Torrents & p2p Traffic" at all.
Yep ! This is why I used this topic to mark people who have visited torrent website.
I will make a blacklist of torrent website, with a web proxy in MK. (I mean, I will try ! I know that it will not work at 100%)
And, finally, I am searching of how to see who is using the most bandidth, to then limit only him, get his IP address, send him an email... etc ! :)
(And I take the opportunity to ask you if you have any idea of how to manage that :) )
 
tippenring
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 6:45 pm

Hello from the US.

Why would you want to block torrents? It is often legitimate traffic. Perhaps torrents are sometimes used to copy copyrighted content without appropriate license, but that is on the person making the illegal copy.

The ISP cannot know if a torrent is legal or illegal without confronting the customer to check their license for the content.
 
User avatar
Uqbar
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 05, 2015 11:56 am
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 8:33 pm

Hello from the US.

Why would you want to block torrents? It is often legitimate traffic. Perhaps torrents are sometimes used to copy copyrighted content without appropriate license, but that is on the person making the illegal copy.

The ISP cannot know if a torrent is legal or illegal without confronting the customer to check their license for the content.
Blocking can also be shaping (or queueing in mikrotik lingo).
P2P traffic creates sustained loads in both directions and can be overkilling for most WANs.
I cannot and don't want to tell legitimate from unlegitimate content access: no sane net admin would.
Being able to tell P2P traffic from other things would be interesting. It seems it's impossible at the moment.
What I can do at the moment is to shape high TCP/UDP port traffic, but that's neither enough nor proper.
There's never a stupid question. But often stupid answers.
And, yes I do used search engines. This is why I am here.
 
tippenring
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Block Torrents & p2p Traffic 100% working on all versions

Tue Apr 17, 2018 9:26 pm

Blocking can also be shaping (or queueing in mikrotik lingo).
P2P traffic creates sustained loads in both directions and can be overkilling for most WANs.
I cannot and don't want to tell legitimate from unlegitimate content access: no sane net admin would.
Being able to tell P2P traffic from other things would be interesting. It seems it's impossible at the moment.
What I can do at the moment is to shape high TCP/UDP port traffic, but that's neither enough nor proper.
It seems to me if an ISP offers a customer bandwidth, say 1M up and 10M down for example, then the ISP is obligated to deliver 1M up and 10M down 99% of the time. After all, that's what the customer was sold.

If an ISP can't deliver promised bandwidth in aggregate due to oversubscription, overutilized gear, or any other cause, then the ISP needs to establish more bandwidth at the point of congestion. Sure, it can be expensive, but lying to the customers about the service an ISP is capable of providing can also be expensive.

Who is online

Users browsing this forum: Google [Bot] and 80 guests