someuser
Member Candidate
Topic Author
Posts: 102
Joined: Tue Apr 13, 2010 7:05 am

Bittorrent P2P filter

Wed Jul 14, 2010 7:10 pm

Hi,
I know this is a many times repeated thread/request.
But, I had a firewall/filter in place which I got from here somewhere.
I can't seem to find what I'm looking for anymore.
Just, a P2P filter I can install on my RB750G that tells me which IP on my network is abusing/using bittorrent P2P.
Then I can warn them directly. It worked in the past. I simply sent them an email/copy of email from my provider, stating that I will be shut down if P2P persists.
I generally don't have more than 20-30 users at a time, and I can tell who's new and who's been on the system for a while.
Anyone?
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: Bittorrent P2P filter

Wed Jul 14, 2010 7:19 pm

/ip firewall filter
add chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p-traffic
add chain=forward connection-mark=p2p-traffic src-address=192.168.1.0/24 action=add-to-address-list address-list-timeout=1w address-list=p2p-users
Will add the source IP address of all p2p traffic to an address list named 'p2p-users' for 1 week, filtered to only addresses in the 192.168.1.0/24 range (adjust for your users). Periodically inspect the list for IPs and track them back to users.

Does that help? I don't know what you used originally. That could be kind of expensive to run on an RB750G depending on throughput. Finding p2p traffic requires a lot of work from the processor.
 
someuser
Member Candidate
Topic Author
Posts: 102
Joined: Tue Apr 13, 2010 7:05 am

Re: Bittorrent P2P filter

Wed Jul 14, 2010 7:26 pm

Thanks fewi,
That is definitely quite a bit more concise.
I believe the previous code had "bittorrent" and such words which additionally kept people from even looking for bittorrent sites.
Which is not really what I want.
Just a simple "let me know it's happening" filter should be fine.
I'll run it.
------------------
Please forgive the noob syntax error.
But when I run your filter, I get the below error.
I tried it outside of the command line, no luck.
What do I need to learn/change to paste your filter properly?
------------------------------------------------

[admin@MikroTik] /ip firewall filter> add chain=forward p2p=all-p2p action=mark-connec
tion new-connection-mark=p2p-traffic
syntax error (line 1 column 38)
[admin@MikroTik] /ip firewall filter> add chain=forward connection-mark=p2p-traffic sr
c-address=192.168.88.0/24 action=add-to-address-list address-list-
syntax error (line 1 column 82)
[admin@MikroTik] /ip firewall filter>
[admin@MikroTik] /ip firewall filter> timeout=1w address-list=p2p-users
syntax error (line 1 column 8)
[admin@MikroTik] /ip firewall filter>
--------------------------------
You can probably tell by looking at the above, but the error starts on the "m" of the "mark-connection new-connection-mark=p2p-traffic" line.
Thanks
-----------------------------

Ok, I believe I got it.
This look ok?
---------------------

11 chain=forward action=accept p2p=all-p2p connection-state=new
connection-mark=mark

12 chain=forward action=add-src-to-address-list p2p=all-p2p
src-address=192.168.88.0/24 address-list=p2p users
address-list-timeout=1w connection-mark=mark
-----------------------------------------------------------
That may not be right either.
I'll figure it out, just discovered the proper syntax troubleshooter.
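
An added example, not part of either post above: the two rules restated in a form RouterOS accepts, next to the forms that produced the syntax errors at columns 38 and 82. It assumes the LAN is 192.168.88.0/24 (the subnet in the pasted commands) and keeps the names p2p-traffic and p2p-users from the thread; the comment= strings are illustrative.

```routeros
# Added example, not from the thread.

# Rejected as pasted: the parser stops at the action value in both cases.
#   /ip firewall filter add chain=forward p2p=all-p2p action=mark-connection ...
#       mark-connection is a mangle action, not a filter action (column 38)
#   /ip firewall filter add ... action=add-to-address-list ...
#       the action is named add-src-to-address-list (column 82)

# 1. Mark P2P connections in the mangle table. Mangle forward is evaluated
#    before filter forward, so the mark exists when the filter rule runs.
/ip firewall mangle
add chain=forward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p-traffic passthrough=yes \
    comment="mark P2P connections"

# 2. Record the LAN source address of every marked connection for one week.
#    connection-mark must equal the name set in step 1; a matcher such as
#    connection-mark=mark (as in the rule 11/12 printout) never matches
#    unless some mangle rule actually sets a mark called "mark".
/ip firewall filter
add chain=forward connection-mark=p2p-traffic src-address=192.168.88.0/24 \
    action=add-src-to-address-list address-list=p2p-users \
    address-list-timeout=1w comment="record LAN hosts using P2P"

# 3. Review which hosts were caught, then map the IPs back to users.
/ip firewall address-list print where list=p2p-users
```

The filter rule only records addresses and passes the packet on to later rules, so traffic is not blocked, which matches the "let me know it's happening" goal.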
