
Block Torrents & p2p Traffic 100% working on all versions

Posted: Thu Feb 09, 2012 11:40 pm
by javedshotline
Assume you want to block torrent & p2p traffic on 192.168.1.0/24
replace ip according to your need



/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

& also use default rule to drop p2p traffic which alone is not working for me

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


Enjoy :)

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Fri Feb 10, 2012 3:12 pm
by Chewers
Yup, works fine.. Cheers

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Tue Feb 21, 2012 12:15 am
by estdata
/ip firewall filter
add action=drop chain=forward comment="P2P drop " disabled=no p2p=all-p2p
add action=drop chain=forward comment="more connection closed" disabled=no

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Wed Mar 21, 2012 6:22 am
by battumur
Hello
How to insert following commands ?
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$

Please help me guys

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Wed Mar 21, 2012 3:55 pm
by andressis2k
Go to IP > Firewall > Layer7 Protocols, add a new one and paste it there

Regards

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 3:11 am
by battumur
Thank you for the reply.


Can you please teach me How to add new one ?
Best Regards

Battumur

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 3:05 pm
by Zebble
Copy and paste the regexp into IP -> Firewall -> Layer 7 protocols, or use this export:
/ip firewall layer7-protocol
add name=torrentsites regexp="^.*(get|GET).+(torrent|\
    thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|\
    torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|\
    entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|\
    flixflux|seedpeer|fenopy|gpirate|commonbits).*\$\
    "

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 4:03 pm
by kennyolutola
thanks for this info...It worked perfectly....

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 6:28 pm
by ulikroessin
Hello and thank you for the information.

I have a question:
If they use it without the source-addresses it will work for the whole board if there are 3 wireless-client-cards with addresses 192.168.1.0, 192.168.2.0 and 192.168.3.0?

Or have I to write all the rules particular for each address?

Saludos

Uli

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 6:31 pm
by Zebble
ulikroessin, that will depend on how you set up your firewall rules that use the layer7 protocol filter. You can specify specific addresses, or not and have everything filtered...

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 7:43 pm
by ulikroessin
Thank you Zebble, but...well, more exactly my question:

I have a RB 333. Eth --> modem --> www, wlan1=192.168.1.0, wlan2=192.168.2.0, wlan3=192.168.3.0
At the wlans I have clients (hotspot/usermanager).

I want that the block-rules for p2p are working at all the 3 wlans.

I write this
name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$
in "ip firewall layer7-protocols".

In "ip firewall filter" I have to write this:
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop
...
add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop
but 3 times (with the 3 src-addresses 192.168.1.0, 192.168.2.0 and 192.168.3.0)

or I can write it so (without the src-addresses) and it will work for all the 3 wlans:

add chain=forward layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward content=torrent action=drop comment=keyword_drop
add chain=forward content=tracker action=drop comment=trackers_drop
add chain=forward content=getpeers action=drop comment=get_peers_drop
add chain=forward content=info_hash action=drop comment=info_hash_drop
add chain=forward content=announce_peers action=drop comment=announce_peers_drop
...
add chain=forward p2p=all-p2p action=drop comment=p2p_drop


The last one (default rule) I'm using so since 1 year, without src-addresses, and hope it works. But I'm not sure...

Saludos

Uli

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 8:29 pm
by mahnet
has someone tried it successfully

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Mar 22, 2012 10:12 pm
by ulikroessin
Hello again,

I try to test it and seems it works so, without addresses, but how I wrote - I'm not sure.
Here the config:
 > ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic 
 0   ;;; TCP Connection Limits
     chain=forward action=drop tcp-flags=syn protocol=tcp 
     src-address=1.......1.0/24 connection-limit=101,32 

 1   ;;; TCP Connection Limits
     chain=forward action=drop tcp-flags=syn protocol=tcp 
     src-address=1.......2.0/24 connection-limit=101,32 

 2   ;;; TCP Connection Limits
     chain=forward action=drop tcp-flags=syn protocol=tcp 
     src-address=1.......3.0/24 connection-limit=101,32 

 3   ;;; UDP Connection Limits
     chain=forward action=drop protocol=udp src-address=1.......1.0/24 
     connection-limit=71,32 

 4   ;;; UDP Connection Limits
     chain=forward action=drop protocol=udp src-address=1.......2.0/24 
     connection-limit=71,32 

 5   ;;; UDP Connection Limits
     chain=forward action=drop protocol=udp src-address=1.......3.0/24 
     connection-limit=71,32 

 6   ;;; Accept established connections
     chain=input action=accept connection-state=established 

 7   ;;; Accept related connections
     chain=input action=accept connection-state=related 

 8   ;;; Drop invalid connections
     chain=input action=drop connection-state=invalid 

 9   ;;; UDP
     chain=input action=accept protocol=udp 

10   ;;; p2p
     chain=forward action=drop p2p=all-p2p 

11   ;;; warez
     chain=forward action=drop p2p=warez 

12   ;;; kazaa
     chain=forward action=drop p2p=fasttrack 

13   ;;; block torrent sites
     chain=forward action=drop layer7-protocol=torrent-dns 

14   ;;; block torrent dns
     chain=forward action=drop protocol=udp layer7-protocol=torrent-dns 
     dst-port=53 

15   ;;; torrentsites
     chain=forward action=drop layer7-protocol=torrentsites 

16   ;;; keyword_drop
     chain=forward action=drop content=torrent 

17   ;;; trackers_drop
     chain=forward action=drop content=tracker 

18   ;;; get_peers_drop
     chain=forward action=drop content=getpeers 

19   ;;; info_hash_drop
     chain=forward action=drop content=info_hash 

20   ;;; announce_peers_drop
     chain=forward action=drop content=announce_peers 
And here the screenshot from the last hours:

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Fri Mar 23, 2012 5:07 am
by battumur
Thanks Zebble

I would like to know how to bandwidth limit on torrent. Because my some users need to torrent.
I have 30Mb, So I wanna use 4mb to torrent .

Please help me

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Sat Mar 24, 2012 11:48 pm
by Luth
ok, but if you want to *limit* p2p traffic?

I think that some one provide internet access can't "inspect" traffic that carry out but... bandwidth cost lot of money so limit this type of traffic I think is a good compromise!

So can you try to modify the solutions you have posted to a version that limit traffic instead of blocking?

Best regards!

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Fri Apr 06, 2012 10:21 pm
by ericsooter
Hello and thank you for the information.

I have a question:
If they use it without the source-addresses it will work for the whole board if there are 3 wireless-client-cards with addresses 192.168.1.0, 192.168.2.0 and 192.168.3.0?

Or have I to write all the rules particular for each address?

Saludos

Uli
I believe if you Layer 7 filter everything it will severely impact your router's CPU. So you want to make sure you have plenty of processing capacity before you do it. So with the smaller 400 series boards, I typically just filter selected users via IP address lists.

Eric

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Fri Jul 06, 2012 12:37 pm
by farazhamzaa
Yea this method is also working for me.

but in hotspot how can its possible for me to allow few clients to use torrent, p2p traffic. and block for remaining all others.

it is possible so?

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Wed Jul 18, 2012 10:48 pm
by dzany
This regexp in layer7 protocol works for me, but I set up round way through socks5 server for torrenting, and it's excluded from that rule, I cannot do it to myself to block torrents to my people :) Server used for socks5 is Dante :)

Please do not use this rule in bad manner :)

^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash=get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Thu Jul 19, 2012 6:39 am
by TKITFrank

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Wed Oct 02, 2013 1:45 pm
by bysard
It seems that these rules don't work anymore.

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Mon Feb 03, 2014 9:15 pm
by lsavvaid
/ip firewall filter
add action=drop chain=forward comment="P2P drop " disabled=no p2p=all-p2p
add action=drop chain=forward comment="more connection closed" disabled=no

this rule

add action=drop chain=forward comment="more connection closed" disabled=no


block all traffic my network ( rb433ah , bridge mode)

is correct?

the others works properly

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Mon Feb 03, 2014 9:20 pm
by lsavvaid
/ip firewall filter
add action=drop chain=forward comment="P2P drop " disabled=no p2p=all-p2p
add action=drop chain=forward comment="more connection closed" disabled=no
this rule : add action=drop chain=forward comment="more connection closed" disabled=no

block all traffic my network (rb433ah, bridge wlan1-eth1)

is correct?

all others rules works perfect

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Tue Jul 01, 2014 1:23 am
by joshamo
Hey guys! I have done this, and it works pretty great for what I needed, but I have one question. Is there a way to make it redirect to a website instead of just dropping? I want to tell all customers that it is against ToS to use torrents through a web page. Thanks

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Tue Jul 01, 2014 1:31 am
by joshamo
The only problem I really see with this, is that it blocks things for keywords. Like me making this post, since it has the keywords in it, I have to use a different gateway to post.. Any idea for a way around that?

Re: Block Torrents & p2p Traffic 100% working on all version

Posted: Tue Jun 09, 2015 9:11 pm
by spaxton
Hey guys! I have done this, and it works pretty great for what I needed, but I have one question. Is there a way to make it redirect to a website instead of just dropping? I want to tell all customers that it is against ToS to use torrents through a web page. Thanks

great! This would be very useful!

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Thu Aug 06, 2015 11:23 am
by Uqbar
Maybe I am wrong, but the proposed solution blocks the downloads of the .torrent files (GET) from known torrent repositories. This is of course important but not effective.
But it won't block the torrent protocol (file sharing) itself. Which is what I'd like to block, as torrent files can be exchanged via email or even through removable media.
Any idea?

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Thu Aug 06, 2015 11:54 pm
by Petzl
this even blocks news sites if there is something mentioned about torrents.

this does not work if you use https
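
The points raised in the posts above (keyword hits on unrelated pages, nothing matched over HTTPS, nothing matched on the peer protocol itself) can be checked offline. The following is an added example, not part of any forum post: it runs the torrentsites regexp from the first post and the protocol-signature regexp from dzany's post over constructed payloads. Assumptions: Python's re module stands in for the router's regex engine, only the first 2 KB of a connection is inspected, and the signature pattern is matched case-insensitively; the host names and payload bytes are constructed.

```python
import re

# Regexp from the first post (name=torrentsites), joined onto one line.
TORRENTSITES = (
    rb"^.*(get|GET).+(torrent|"
    rb"thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|"
    rb"torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|"
    rb"entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|"
    rb"flixflux|seedpeer|fenopy|gpirate|commonbits).*$"
)

# Protocol-signature regexp from dzany's post, copied unchanged.
BT_SIGNATURE = (
    rb"^(\x13bittorrent protocol|azver\x01$|"
    rb"get /scrape\?info_hash=get /announce\?info_hash=|"
    rb"get /client/bitcomet/|GET /data\?fid=)|d1:ad2:id20:|\x08'7P\)[RP]"
)

WINDOW = 2048  # assumption: only the start of each connection is inspected


def l7_match(pattern, stream, ignore_case=False):
    """Return True if the pattern is found in the inspected start of the stream."""
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.search(pattern, stream[:WINDOW], flags) is not None


# Constructed stand-in for ciphertext: 32 deterministic bytes, no keywords.
_OPAQUE = bytes((i * 37 + 11) % 256 for i in range(32))

# Constructed payloads, one per traffic type discussed in the thread.
SAMPLES = {
    # Plain HTTP download of a .torrent file: the case the rule targets.
    "http_get_torrent_file":
        b"GET /download/file.torrent HTTP/1.1\r\nHost: files.example\r\n\r\n",
    # Plain HTTP news page that merely mentions the keyword in its URL.
    "http_get_news_article":
        b"GET /news/court-rules-on-torrent-sites HTTP/1.1\r\n"
        b"Host: news.example\r\n\r\n",
    # The same request inside an encrypted TLS record (type 0x17, 32 bytes).
    "https_same_article": b"\x17\x03\x03\x00\x20" + _OPAQUE,
    # Unencrypted peer handshake: length byte 19 + "BitTorrent protocol".
    "bt_peer_handshake":
        b"\x13BitTorrent protocol" + bytes(8) + bytes(range(1, 21))
        + b"-XX0001-000000000000",
    # Unencrypted DHT get_peers query (bencoded).
    "dht_get_peers":
        b"d1:ad2:id20:abcdefghij01234567899:info_hash20:mnopqrstuvwxyz123456"
        b"e1:q9:get_peers1:t2:aa1:y1:qe",
}


def coverage():
    """Map each sample name to (torrentsites hit, signature hit)."""
    return {
        name: (
            l7_match(TORRENTSITES, data),
            l7_match(BT_SIGNATURE, data, ignore_case=True),
        )
        for name, data in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (site_hit, sig_hit) in coverage().items():
        print(f"{name:24} torrentsites={site_hit!s:5} signature={sig_hit}")
```

The signature pattern is written in lower case while the handshake on the wire reads "BitTorrent protocol", so it only hits when the matcher ignores case.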

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Mar 22, 2016 1:03 pm
by dunga
Assume you want to block torrent & p2p traffic on 192.168.1.0/24
replace ip according to your need



/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

& also use default rule to drop p2p traffic which alone is not working for me

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


Enjoy :)
I just copied this from somewhere in the forum, I want to integrate it with blocking downloading of .mp3, *.mp4 etc, how will I add this to the l7-layer, is this one correct because I don't see it catching any traffic

1./ip firewall layer7-protocol
add name=streaming2 regexp="\"^.*get.+\\\\.(3gp|mov|mpe|mpeg|mpeg2|mpeg3|mpeg4|mkv|avi|flv|f4v|f4p|f4a\
|f4b|x-flv|msi|wmv|mp2|mp3|mp4|swf|rm|rmvb|vcd|pdf|dat|iso|nrg|bin|cab|vcd|ogg|wma|divx|d2v|qt|0[0-9][0-9])

2. /ip firewall mangle
add action=mark-packet chain=prerouting comment="Mark Packet Streaming" disabled=no \
layer7-protocol=streaming new-packet-mark=streaming2 passthrough=no

You can adjust the max-limit to anything higher like 128k
3. /queue tree add name="streaming2" parent=global packet-mark=streaming2 limit-at=0 queue=default \
priority=8 max-limit=48k burst-limit=0 \
burst-threshold=0 burst-time=0s

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Mar 22, 2016 1:30 pm
by chechito
today there is so many ways of using torrent, because that blocking it is a never ending work

the main reason to block torrent is because use too much bandwidth

i think there is no need to block torrent i think is better to properly identify torrent and p2p traffic to give it a lower priority and control the congestion it generates and guarantee the good performance on the other applications

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Thu Mar 24, 2016 11:32 am
by Uqbar
I agree with chechito. The only "small problem"™ is correctly identifying the torrent traffic.
Blocking the download of the torrent file itself is useless as torrents can be added manually from other sources.
I think that only Deep Packet Inspection can help.
Any ideas?

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Thu Mar 24, 2016 5:43 pm
by chechito
I agree with chechito. The only "small problem"™ is correctly identifying the torrent traffic.
Blocking the download of the torrent file itself is useless as torrents can be added manually from other sources.
I think that only Deep Packet Inspection can help.
Any ideas?
in my case i have identified torrent traffic by discard, detecting another protocols and services usually leave me with torrent on the "unclassified" part of the traffic leaving it with low priority

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Thu Mar 24, 2016 7:54 pm
by Uqbar
in my case i have identified torrent traffic by discard
Do you mean "everything else" (everything but HTTP, HTTPS, SSH, SMTPS, IMAP4S POP3S..) is considered torrent?
If so, which protocols are you considering?
If not, please elaborate.
As I cannot really block P2P in general, I am trying to throttle "everything else".
The problem is that outgoing P2P can also go to TCP:80, TCP:443, TCP:53 and UDP:53 and so on...
In these cases throttling wouldn't apply. And this is why I am talking about DPI.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Fri Mar 25, 2016 2:46 am
by chechito
in my case i have identified torrent traffic by discard
Do you mean "everything else" (everything but HTTP, HTTPS, SSH, SMTPS, IMAP4S POP3S..) is considered torrent?
If so, which protocols are you considering?
If not, please elaborate.
As I cannot really block P2P in general, I am trying to throttle "everything else".
The problem is that outgoing P2P can also go to TCP:80, TCP:443, TCP:53 and UDP:53 and so on...
In these cases throttling wouldn't apply. And this is why I am talking about DPI.
people are using 80 and 443 and 53 or another well known ports because of the blocking, because that is better to throttle than blocking

and with throttle im referencing to give the torrent the possibility of using all the spare bandwidth not throttling it to a ridiculous speeds

Is not perfect but it works in many cases and its free

if some one need better detection of P2P is better to go with an expensive fortigate or another UTM and pay the expensive annual license fee

for example

fortigate 80d recommended for 65mbps of wan channel cost ~750US without services, and ~1.740US with 3 year service subscription that is ~330 US per year of subscription

fortigate 200d recommended for 150mbps of wan channel cost ~2.300US without services, and ~5.200US with 3 year service subscription that is ~960 US per year of subscription

fortigate 600d recommended for 1.100mbps of wan channel cost ~8.000US without services, and ~17.840US with 3 year service subscription that is ~3.280 US per year of subscription

fortigate 1500d recommended for 2.300mbps of wan channel cost ~30.000US without services, and ~66.900US with 3 year service subscription that is ~12.300 US per year of subscription

fortigate 3000d recommended for 6.000mbps of wan channel cost ~60.000US without services, and ~133.800US with 3 year service subscription that is ~24.600 US per year of subscription

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Fri Mar 25, 2016 8:17 am
by Uqbar
in my case i have identified torrent traffic by discard
Do you mean "everything else" (everything but HTTP, HTTPS, SSH, SMTPS, IMAP4S POP3S..) is considered torrent?
If so, which protocols are you considering?
If not, please elaborate.
As I cannot really block P2P in general, I am trying to throttle "everything else".
The problem is that outgoing P2P can also go to TCP:80, TCP:443, TCP:53 and UDP:53 and so on...
In these cases throttling wouldn't apply. And this is why I am talking about DPI.
people are using 80 and 443 and 53 or another well known ports because of the blocking, because that is better to throttle than blocking

and with throttle im referencing to give the torrent the possibility of using all the spare bandwidth not throttling it to a ridiculous speeds

Is not perfect but it works in many cases and its free

if some one need better detection of P2P is better to go with an expensive fortigate or another UTM and pay the expensive annual license fee

for example

fortigate 80d recommended for 65mbps of wan channel cost ~750US without services, and ~1.740US with 3 year service subscription that is ~330 US per year of subscription

fortigate 200d recommended for 150mbps of wan channel cost ~2.300US without services, and ~5.200US with 3 year service subscription that is ~960 US per year of subscription

fortigate 600d recommended for 1.100mbps of wan channel cost ~8.000US without services, and ~17.840US with 3 year service subscription that is ~3.280 US per year of subscription

fortigate 1500d recommended for 2.300mbps of wan channel cost ~30.000US without services, and ~66.900US with 3 year service subscription that is ~12.300 US per year of subscription

fortigate 3000d recommended for 6.000mbps of wan channel cost ~60.000US without services, and ~133.800US with 3 year service subscription that is ~24.600 US per year of subscription
So, was I right?
I mean, do you simply throttle "everything else" but a bunch of "well known useful protocols"?

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Fri Mar 25, 2016 5:15 pm
by chechito
So, was I right?
I mean, do you simply throttle "everything else" but a bunch of "well known useful protocols"?
yes i prioritize traffic in this order:

tcp ack packets, dns, icmp, udp traffic with characteristics matching most voip and gaming apps, vpns, rdp, http small traffic connections, http big traffic connections, mail connections, other udp tcp small traffic connections.

the remaining traffic are other tcp and udp connections with big traffic, torrent transfer get on this category

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Sun Jun 05, 2016 11:27 pm
by loveman
add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


not working
buz i need to drop "psiphon vpn" from server ,,

how can drop that p2p buz drop vpn?

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Feb 07, 2017 2:32 pm
by djeniuss
I have tried all the methods posted above and torrents still download. I am new to Mikrotik. Please help

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Feb 07, 2017 3:01 pm
by Uqbar
I started by dropping all incoming TCP and UDP traffic (all of it) but those services that go to DMZ.
So there's no traffic going to LAN, which means "low ID" in the P2P lingo.

Then I started throttling (I'd like to drop, actually) all outgoing traffic from LAN with UDP ports other than 53 (DNS) and 123 (NTP) and TCP ports higher than 1023.

My situation is much better now, while still not completely closing P2P traffic.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Sun Nov 12, 2017 4:26 am
by fiery2
This thread is somewhat old but gold.
In theory, wouldn't it be any better if we throttle or drop connection exceed certain threshold?
After all, nobody but the most determined user would download torrent with low seed/peer per downloaded file?

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Sun Nov 12, 2017 9:40 am
by Jotne
You can throttle download traffic, but you can't separate download from a web site and download from a p2p site, so you would throttle all download.
When p2p traffic is encrypted, it blends in to normal traffic.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Sun Nov 12, 2017 10:14 am
by Uqbar
The torrent file download is not the torrent traffic.
I don't really mind about downloading torrent files: they can be a few megs, even a dozen, and then it's done.
Torrent traffic is about large movies (from a few gigas to a hundred), mostly all pirated contents.
And you can bring torrent files into the network with (s)ftp, email, chat, https and so on, not just HTTP.
The L7 matcher can be defied by E2E cryptography, so only TCP and UDP ports remain to be used.
I still think my approach is the one that can reliably give some results. Even if they won't really block torrent and other p2p traffic.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Mon Mar 26, 2018 5:27 pm
by shiyarrohit
Its Not Working IN mikrotik modelno. CCR1072-1G-8S+ FIRMWARE :6.41.3

PLEASE HELP

Assume you want to block torrent & p2p traffic on 192.168.1.0/24
replace ip according to your need



/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

& also use default rule to drop p2p traffic which alone is not working for me

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop


Enjoy :)

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 10:41 am
by noemie
Hi!
I followed your tutorial and it's perfectly work on my router ! Thank you a lot !
(I work for a small french ISP and we receive letters from Hadopi, so we are searching a solution to limit the illegal download ^^ )

I have a question, maybe it will sounds stupid for you, but this code :
/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$
Can we complete it with another "keyword", another website name ?
Is it this ? A sort of list of torrent sites names ?


Thank you again !
Noémie

PS : sorry for my bad english, I'm french :)

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 11:07 am
by Uqbar
Hi!
I followed your tutorial and it's perfectly work on my router ! Thank you a lot !
(I work for a small french ISP and we receive letters from Hadopi, so we are searching a solution to limit the illegal download ^^ )

I have a question, maybe it will sounds stupid for you, but this code :
/ip firewall layer7-protocol>
use winbox to copy paste name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$
Can we complete it with another "keyword", another website name ?
Is it this ? A sort of list of torrent sites names ?


Thank you again !
Noémie

PS : sorry for my bad english, I'm french :)
This will only block the download of a torrent file, not the torrent traffic itself.
Try to first download the torrent file, then enable the rules and finally ask your torrent client to load the torrent file to start the p2p exchange.
You will see the p2p traffic bidirectionally flowing unimpeded!

P.S.
I am even more sorry for my english: I am Italian! ;-)

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 12:28 pm
by noemie
This will only block the download of a torrent file, not the torrent traffic itself.
Try to first download the torrent file, then enable the rules and finally ask your torrent client to load the torrent file to start the p2p exchange.
You will see the p2p traffic bidirectionally flowing unimpeded!
Hi!
I don't want to block it (we can't ! Because gaming used p2p, for example, and it's perfectly legal) !
I just want to identify the customers who try to download and then, limits their bandwidth, send them an email, things like that !
P.S.
I am even more sorry for my english: I am Italian! ;-)
Hello from France ;)

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 1:29 pm
by Uqbar
This will only block the download of a torrent file, not the torrent traffic itself.
Try to first download the torrent file, then enable the rules and finally ask your torrent client to load the torrent file to start the p2p exchange.
You will see the p2p traffic bidirectionally flowing unimpeded!
Hi!
I don't want to block it (we can't ! Because gaming used p2p, for example, and it's perfectly legal) !
I just want to identify the customers who try to download and then, limits their bandwidth, send them an email, things like that !
P.S.
I am even more sorry for my english: I am Italian! ;-)
Hello from France ;)
Well, the OP titled this thread as "Block Torrents & p2p Traffic 100% working" so I thought the topic was still sticking.
Anyway, blocking the download of torrent files alone from a selected set of URLs sounds to me like a waste of time as you can download them through POP3, IMAP4, FTP and so on. Those won't be blocked.
Anyway, you are right. P2P (DHT) is being used for a number of purposes that cannot easily be told apart from each other.
I think now this thread title is misleading for two reasons:
1. you cannot block (real) P2P traffic based upon specific usage (lawful vs unlawful)
2. the proposed solution doesn't "Block Torrents & p2p Traffic" at all.

Rule, Europa! Rule the waves!

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 5:23 pm
by noemie
Anyway, you are right. P2P (DHT) is being used for a number of purposes that cannot easily be told apart from each other.
I think now this thread title is misleading for two reasons:
1. you cannot block (real) P2P traffic based upon specific usage (lawful vs unlawful)
2. the proposed solution doesn't "Block Torrents & p2p Traffic" at all.
Yep ! This is why I used this topic to mark people who have visited torrent websites.
I will make a blacklist of torrent websites, with a web proxy in MK. (I mean, I will try ! I know that it will not work at 100%)
And, finally, I am searching for how to see who is using the most bandwidth, to then limit only him, get his IP address, send him an email... etc ! :)
(And I take the opportunity to ask you if you have any idea of how to manage that :) )

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 6:45 pm
by tippenring
Hello from the US.

Why would you want to block torrents? It is often legitimate traffic. Perhaps torrents are sometimes used to copy copyrighted content without appropriate license, but that is on the person making the illegal copy.

The ISP cannot know if a torrent is legal or illegal without confronting the customer to check their license for the content.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 8:33 pm
by Uqbar
Hello from the US.

Why would you want to block torrents? It is often legitimate traffic. Perhaps torrents are sometimes used to copy copyrighted content without appropriate license, but that is on the person making the illegal copy.

The ISP cannot know if a torrent is legal or illegal without confronting the customer to check their license for the content.
Blocking can also be shaping (or queueing in mikrotik lingo).
P2P traffic creates sustained loads in both directions and can be overkilling for most WANs.
I cannot and don't want to tell legitimate from illegitimate content access: no sane net admin would.
Being able to tell P2P traffic from other things would be interesting. It seems it's impossible at the moment.
What I can do at the moment is to shape high TCP/UDP port traffic, but that's neither enough nor proper.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 9:26 pm
by tippenring
Blocking can also be shaping (or queueing in mikrotik lingo).
P2P traffic creates sustained loads in both directions and can be overkilling for most WANs.
I cannot and don't want to tell legitimate from illegitimate content access: no sane net admin would.
Being able to tell P2P traffic from other things would be interesting. It seems it's impossible at the moment.
What I can do at the moment is to shape high TCP/UDP port traffic, but that's neither enough nor proper.
It seems to me if an ISP offers a customer bandwidth, say 1M up and 10M down for example, then the ISP is obligated to deliver 1M up and 10M down 99% of the time. After all, that's what the customer was sold.

If an ISP can't deliver promised bandwidth in aggregate due to oversubscription, overutilized gear, or any other cause, then the ISP needs to establish more bandwidth at the point of congestion. Sure, it can be expensive, but lying to the customers about the service an ISP is capable of providing can also be expensive.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 10:35 pm
by Uqbar
I have 100mbps symmetrical.
One or two clients doing BitTorrent with a few files to be shared are enough to eat 50+% of the available bandwidth.
This is why I mind about p2p!

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 10:57 pm
by tippenring
I have 100mbps symmetrical.
One or two clients doing BitTorrent with a few files to be shared are enough to eat 50+% of the available bandwidth.
This is why I mind about p2p!
I've managed networks for a few small ISPs over the years. I admit I don't know your environment at all, so I'm just making uninformed opinions here. It seems to me with 100Mbps symmetric, why not offer the customers something like 1M up and 5M down or something similar? Depending on the number of subscribers, that might be a reasonable balance of bandwidth offering, and oversubscription could be more reasonably managed. The queues could even be set up in such a way that users exceed the max subscribed bandwidth when it's available if you wanted.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 10:59 pm
by Uqbar
I am not an ISP. I manage a company network with BYOD policy.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Apr 17, 2018 11:17 pm
by tippenring
I am not an ISP. I manage a company network with BYOD policy.
Well that totally changes my opinion. :-) I thought you were an ISP.

In that case, you get to do whatever you want with the bandwidth that you provide to your employees.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Wed Apr 18, 2018 9:43 am
by noemie
It seems to me if an ISP offers a customer bandwidth, say 1M up and 10M down for example, then the ISP is obligated to deliver 1M up and 10M down 99% of the time. After all, that's what the customer was sold.

If an ISP can't deliver promised bandwidth in aggregate due to oversubscription, overutilized gear, or any other cause, then the ISP needs to establish more bandwidth at the point of congestion. Sure, it can be expensive, but lying to the customers about the service an ISP is capable of providing can also be expensive.
You're right! But we receive letters from Hadopi and I think it will be temporary ! Just the time to send an email to the customers, or something like that, we will limit his bandwidth. Basically, my boss wants me to directly send an email to the customers, to make him confirm that he might be doing something illegal and if it is, he have risk consciousness.
We will not be blocking p2p, it's impossible and we know :)
But these letters...

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Wed Apr 18, 2018 10:18 am
by Uqbar
It seems to me if an ISP offers a customer bandwidth, say 1M up and 10M down for example, then the ISP is obligated to deliver 1M up and 10M down 99% of the time. After all, that's what the customer was sold.

If an ISP can't deliver promised bandwidth in aggregate due to oversubscription, overutilized gear, or any other cause, then the ISP needs to establish more bandwidth at the point of congestion. Sure, it can be expensive, but lying to the customers about the service an ISP is capable of providing can also be expensive.
You're right! But we receive letters from Hadopi and I think it will be temporary ! Just the time to send an email to the customers, or something like that, we will limit his bandwidth. Basically, my boss wants me to directly send an email to the customers, to make him confirm that he might be doing something illegal and if it is, he have risk consciousness.
We will not be blocking p2p, it's impossible and we know :)
But these letters...
Checking the legitimacy of any traffic falls far beyond the responsibilities and the capabilities of a network manager.
Being her an ISP or not is irrelevant here.
If you limit your customer bandwidth at large, you will end breaking the relationship: you'll be slowing down your customer bandwidth for everything, not just P2P.

This is why I aim at identifying the P2P traffic (BitTorrent, DHT-based protocols and the likes).
If I succeed I can do something: blocking, limiting ...
If I cannot, then I have little to discuss.

Again, downloading a torrent file is NOTHING.

Have you tried to use a recent BitTorrent client with "KAD support"?
It doesn't need any torrent file but just the hash value, a string you can get by email or on the web.
The DHT will make the "rest of the magics", by just requiring some more time to "look" for a list of suitable peers.
So you won't be able to block or shape anything as even the torrent file is not needed any more.

You can only block everything, as they can be using "low ports" and apply a "light disguise" to the traffic as P2P can use any TCP and UDP ports from 1 to 65535!

What I see doable here is to allow "low ports" and a few "high ports" and block or limit the bandwidth to anything else.
It's more like "traffic containment" than "traffic control", but I see no option here.

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Wed Apr 18, 2018 12:22 pm
by noemie
This is why I aim at identifying the P2P traffic (BitTorrent, DHT-based protocols and the likes).
If I succeed I can do something: blocking, limiting ...
If I cannot, then I have little to discuss.

Again, downloading a torrent file is NOTHING.

Have you tried to use a recent BitTorrent client with "KAD support"?
It doesn't need any torrent file but just the hash value, a string you can get by email or on the web.
The DHT will make the "rest of the magics", by just requiring some more time to "look" for a list of suitable peers.
So you won't be able to block or shape anything as even the torrent file is not needed any more.

You can only block everything, as they can be using "low ports" and apply a "light disguise" to the traffic as P2P can use any TCP and UDP ports from 1 to 65535!

What I see doable here is to allow "low ports" and a few "high ports" and block or limit the bandwidth to anything else.
It's more like "traffic containment" than "traffic control", but I see no option here.
I have been thinking about port mirroring and Wireshark to check if the customer is downloading something.
What do you think about this solution ?
Anyway it's impossible to identify if the customer is doing something illegal... :/
(And I don't know DHT ! Thanks for this information ! I found on the forum a guy who blocks this type of traffic by using static DNS and some things like that. )

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Wed Apr 18, 2018 1:13 pm
by Uqbar
This is why I aim at identifying the P2P traffic (BitTorrent, DHT-based protocols and the likes).
If I succeed I can do something: blocking, limiting ...
If I cannot, then I have little to discuss.

Again, downloading a torrent file is NOTHING.

Have you tried to use a recent BitTorrent client with "KAD support"?
It doesn't need any torrent file but just the hash value, a string you can get by email or on the web.
The DHT will make the "rest of the magics", by just requiring some more time to "look" for a list of suitable peers.
So you won't be able to block or shape anything as even the torrent file is not needed any more.

You can only block everything, as they can be using "low ports" and apply a "light disguise" to the traffic as P2P can use any TCP and UDP ports from 1 to 65535!

What I see doable here is to allow "low ports" and a few "high ports" and block or limit the bandwidth to anything else.
It's more like "traffic containment" than "traffic control", but I see no option here.
I have been thinking about port mirroring and Wireshark to check if the customer is downloading something.
What do you think about this solution ?
Anyway it's impossible to identify if the customer is doing something illegal... :/
(And I don't know DHT ! Thanks for this information ! I found on the forum a guy who blocks this type of traffic by using static DNS and some things like that. )
Almost all P2P traffic is encrypted, thus inspecting the content wouldn't help much.
Moreover, even if it wasn't encrypted but just "compressed" with your favorite tool, it would require you to first download all the stuff, uncompress it and then check.
In that case the download wouldn't be blockable as it had already happened.
Wireshark on a mirrored port is a very powerful tool. But only if you know what you are looking for.
I know a large company that stores for a few weeks all traffic (but not the payloads) coming from mirrored ports for late analysis and statistics.
They can look for specific events.
But, yet, you need to know what to search for.
If you do know, then you don't need Wireshark.

It could make some sense to use nTop or a similar tool to analyze the actual traffic in real-time.
While you wouldn't still be able to see the payloads themselves, you could have a rather precise idea of the type of traffic and its endpoints and, with some training, be able to tell a good P2P from a bad one.
You could then decide to block or slow down that type of traffic based upon IPs and TCP/UDP ports.
If you want to have a precise real-time idea about your traffic, then you really need nTop.

Finally whatever solution is based on the DNS, it is trying to block the download of torrent files.
Which isn't required any more with "KAD" enabled: the torrent file is retrieved from the P2P network itself.

I'd like you to test the BT+KAD download with your favorite client.
For example, the official Ubuntu 16.04 server ISO file is also available on BitTorrent.
Its hash (as in DHT=distributed hash tables) is a49cd0d5abc633e1ee2ad1fee8ced66614415ceb.
Try using this string to download the file.
It takes just a few minutes more than a regular download with a torrent file.
Once the download is started it will have very same speed as a regular BitTorrent download.
DHT is really a P2P protocol (actually a technology) where no server is needed.
The regular BitTorrent requires a torrent file to be downloaded from a server and there are dozens of "torrent caches" from which you can download them.
The point is that those caches don't (because they cannot) check for the legitimacy of each single torrent.
With the DNS you block the access to those caches and think you are blocking BitTorrent.
But you are not.
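
[Added example, not part of Uqbar's post or of any tool named in the thread.] The post above suggests keeping flow records without payloads and judging traffic by its type and endpoints; this sketch ranks LAN hosts by volume and flags the ones whose flows fan out to many peers on high ports at both ends. The flow tuple layout, the thresholds and the sample records are assumptions constructed for illustration, and the heuristic cannot tell a game or other lawful P2P use from a torrent client.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # LAN range from the first post of the thread
HIGH_PORT = 1024       # ports below this are the "low ports"
MIN_PEERS = 20         # assumed threshold: distinct remote endpoints per host
MIN_HIGH_RATIO = 0.8   # assumed threshold: share of high-port-to-high-port flows

def sample_flows():
    """Constructed flow records: (src, sport, dst, dport, proto, bytes)."""
    flows = []
    for i in range(5):   # .10 browses a handful of HTTPS servers
        flows.append(("192.168.1.10", 50000 + i, f"203.0.113.{i + 1}", 443, "tcp", 400_000))
    for i in range(40):  # .20 exchanges data with 40 peers on high ports, both ways
        peer = f"198.51.100.{i + 1}"
        flows.append(("192.168.1.20", 51413, peer, 20000 + i, "udp", 150_000))
        flows.append((peer, 20000 + i, "192.168.1.20", 51413, "udp", 120_000))
    return flows

def profile_hosts(flows, lan=LAN):
    """Aggregate per-LAN-host counters from flow metadata only (no payloads)."""
    stats = defaultdict(lambda: {"up": 0, "down": 0, "peers": set(), "flows": 0, "high": 0})
    for src, sport, dst, dport, _proto, nbytes in flows:
        src_in, dst_in = ip_address(src) in lan, ip_address(dst) in lan
        if src_in == dst_in:
            continue  # skip LAN-to-LAN and transit flows
        host, peer = (src, dst) if src_in else (dst, src)
        s = stats[host]
        s["up" if src_in else "down"] += nbytes
        s["peers"].add(peer)
        s["flows"] += 1
        if sport >= HIGH_PORT and dport >= HIGH_PORT:
            s["high"] += 1
    return stats

def top_talkers(stats, n=3):
    """Hosts ordered by total bytes, heaviest first."""
    return sorted(stats, key=lambda h: stats[h]["up"] + stats[h]["down"], reverse=True)[:n]

def p2p_suspects(stats):
    """Hosts with wide peer fan-out where nearly all flows are high-port on both ends."""
    return sorted(h for h, s in stats.items()
                  if len(s["peers"]) >= MIN_PEERS and s["high"] / s["flows"] >= MIN_HIGH_RATIO)

if __name__ == "__main__":
    st = profile_hosts(sample_flows())
    print("top talkers:", top_talkers(st))
    print("P2P-like hosts:", p2p_suspects(st))
```

The resulting host list is what a shaping or queueing rule would be keyed on; real flow exports (NetFlow/IPFIX or similar) would need a small adapter to this tuple layout.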

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Mon Mar 09, 2020 10:39 am
by andresbudihardja
it shows "p2p matcher is obsolete please use layer7 matcher instead"

Re: Block Torrents & p2p Traffic 100% working on all versions

Posted: Tue Mar 10, 2020 4:37 am
by macsrwe
And layer7 matcher is practically obsolete, because everyone uses tunnels now. You are chasing a dragon here.