on one of our towers nearly everybody uses p2p-programs. There are five ap-bridges with about 30 logged in users each. I set up RouterOS v3.0rc6 on a x86 system with two nic's as a transparent bridge, this looks like this:
I tried to limit each users p2p traffic to a maximum of 10 simultaneous connections:
> ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=drop p2p=all-p2p protocol=tcp connection-limit=8,32
You can see in the connections list that p2p traffic (bittorrent) is detected and counters of the filter-rule go up but it has no effect on the users even when u limit p2p to 1,32. The performance of normal customers is bad, high packetloss - I think you know what I mean. if the bad guys are blocked "by hand" (RADIUS don't let them login to the ap-bridges) everthing works fine, but this is not what I want.
The firewall on the bridge is enabled, con-tracking is enabled too.
Would Layer7 firewall be better in this case?