Monday, 24 July 2017

MIKROTIK: How to block torrent traffic in your network using Layer 7

Step-1

Use this Layer 7 regular expression to match all BitTorrent traffic.

/ip firewall layer7-protocol
add comment="All Torentz" name=layer7-bittorrent-exp regexp="^(\\x13bitt\
    orrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?inf\
    o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\
    RP]"

Step-2

Create the filter rules that add torrent users to the Torrent-Conn address list (hosts on the allow-bit list are exempt).

/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward layer7-protocol=\
    layer7-bittorrent-exp src-address=10.10.10.0/24 src-address-list=\
    !allow-bit
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward p2p=all-p2p src-address=\
    10.10.10.0/24 src-address-list=!allow-bit

Step-3

Drop TCP and UDP traffic from hosts on the Torrent-Conn list to every destination port except the listed ones, so that torrent peer connections cannot be established.

/ip firewall filter
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
    src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \
    src-address-list=Torrent-Conn
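To see what these three steps actually classify, here is an added Python model (not from the post or from MikroTik) that applies the Step 1 pattern to constructed payloads and the Step 3 port exception list to a few connections. It assumes the Layer 7 matcher is case-insensitive, as the lowercase `bittorrent protocol` in the pattern implies.

```python
import re

# Step 1 pattern as a Python bytes regex.  The RouterOS export doubles every
# backslash and escapes "$" for its own shell; those escapes are undone here.
BT_REGEX = re.compile(
    rb"^(\x13bittorrent protocol|azver\x01$|get /scrape\?info_hash="
    rb"get /announce\?info_hash=|get /client/bitcomet/|GET /data\?fid=)"
    rb"|d1:ad2:id20:|\x08'7P\)[RP]",
    re.IGNORECASE,  # assumption: RouterOS L7 matches case-insensitively, like l7-filter
)

# Ports the Step 3 drop rules leave open for a Torrent-Conn host
# (dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905).
ALLOWED_PORTS = set(range(0, 1025)) | {8291, 5900, 5800, 3389, 14147, 5222, 59905}


def matches_torrent(payload: bytes) -> bool:
    """Steps 1-2: would layer7-bittorrent-exp fire on the start of this stream?"""
    return BT_REGEX.search(payload) is not None


def is_dropped(in_torrent_conn: bool, protocol: str, dst_port: int) -> bool:
    """Step 3: drop only TCP/UDP from hosts already on Torrent-Conn, and only
    to destination ports outside the exception list."""
    return in_torrent_conn and protocol in ("tcp", "udp") and dst_port not in ALLOWED_PORTS


# Constructed sample payloads: the first bytes a client sends on a new connection.
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + b"\x00" * 20 + b"-qB4000-" + b"\x00" * 12
DHT_PING = b"d1:ad2:id20:" + b"\x11" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"
ANNOUNCE = b"GET /announce?info_hash=%11%11&peer_id=abc HTTP/1.1\r\nHost: tracker\r\n\r\n"
PLAIN_WEB = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, payload in [("handshake", HANDSHAKE), ("dht", DHT_PING),
                          ("announce", ANNOUNCE), ("web", PLAIN_WEB)]:
        print(f"{name:10} matched={matches_torrent(payload)}")
    # A host that matched is put on Torrent-Conn: its peer traffic on high ports
    # is dropped, while ordinary traffic to ports <= 1024 still passes.
    print("6881/tcp from Torrent-Conn host dropped:", is_dropped(True, "tcp", 6881))
    print("443/tcp  from Torrent-Conn host dropped:", is_dropped(True, "tcp", 443))
```

Note that the tracker branch of the pattern is a single literal (`get /scrape?info_hash=get /announce?info_hash=`), so a plain announce request is not caught by the Layer 7 rule and is left to the `p2p=all-p2p` rule in Step 2; encrypted peer connections likewise carry none of these plaintext strings.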
