Marlon89
newbie
Topic Author
Posts: 26
Joined: Fri Jul 30, 2010 7:58 pm
Location: Charlotte, North Carolina, USA

BitTorrent blocklist at the router level

Tue Jan 04, 2011 10:03 pm

It seems like most members of this community are interested in exploring methods for blocking BitTorrent traffic, but I have an idea for something a little different. My goal will be to implement a BitTorrent "blocklist" at the router level to block malicious IP addresses, but allow BitTorrent traffic from all other IP addresses. I use this one which contains roughly a quarter million entries, if I remember correctly. I would like to implement this list in a firewall filter triggered by my BitTorrent client's port, though I am open to suggestions on this.

I did several searches with these criteria, but to no avail. Since I am relatively new to Mikrotik, I'd appreciate the input and criticism of the community's more seasoned users. Any direction on this will help.

Thanks!
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: BitTorrent blocklist at the router level

Tue Jan 04, 2011 10:19 pm

An address list with 250,000 entries would probably slow your router to a crawl. Just importing it (including on reboots) will slow the router to a crawl for several minutes. It would only be possible on models with quite a lot of RAM. You would have to very carefully construct the filter rule set to hit that rule as little as possible.
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: BitTorrent blocklist at the router level

Tue Jan 04, 2011 10:23 pm

Additionally, the list would probably have to update at least weekly. You cannot process that right on the router, since the scripting language cannot process files larger than 4k. Even if the file containing the IP addresses was so simple as to only contain one IP per line, on average a single IP would be 2*4 + 3 + 1 bytes in text format, so you couldn't store more than 331 addresses in that file.
 
Marlon89
newbie
Topic Author
Posts: 26
Joined: Fri Jul 30, 2010 7:58 pm
Location: Charlotte, North Carolina, USA

Re: BitTorrent blocklist at the router level

Tue Jan 04, 2011 10:27 pm

That was my concern. I assume then that this sort of implementation is just not practical.
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: BitTorrent blocklist at the router level

Tue Jan 04, 2011 10:30 pm

Sorry to be posting in bursts. Kinda preoccupied today.

That all said, you'd have to externally generate scripts in the following format. It assumes an address list of 'bad-hosts' that is used to block traffic on tcp/10000 to host 192.168.1.100 - replace that with your torrent port, and torrent host.

    /ip firewall address-list
    # clear only the previous bad-hosts entries; other address lists stay untouched
    remove [find list=bad-hosts]
    add list=bad-hosts address=1.1.1.1
    add list=bad-hosts address=2.2.2.2

Your external script would produce that as output and apply it to the router - upload manually as a .rsc file and /import it, or run equivalent commands via the API, or copy/paste it in bits. Then the firewall filter rules would look something like this:

    /ip firewall filter
    # packets of already-tracked connections are handled before the address list is consulted
    add chain=forward connection-state=established action=accept
    add chain=forward connection-state=related action=accept
    add chain=forward connection-state=invalid action=drop
    # only new connections to the torrent host/port are checked against bad-hosts
    add chain=forward dst-address=192.168.1.100 protocol=tcp dst-port=10000 src-address-list=bad-hosts action=drop
    add chain=forward dst-address=192.168.1.100 protocol=tcp dst-port=10000 action=accept

Again, I don't think that will scale well.
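
An added example, not part of the original thread: one way the external generator described above could look, in Python. It assumes an input with one IPv4 address, CIDR block or first-last range per line (the thread does not give the blocklist's actual format), the function names are hypothetical, and it clears only the bad-hosts list before re-adding. Overlapping and adjacent entries are collapsed into the fewest CIDR blocks so the address list stays as short as possible.

```python
import ipaddress

LIST_NAME = "bad-hosts"  # list name taken from the post above


def parse_entry(line):
    """Return the IPv4 networks covered by one blocklist line, or [] to skip it."""
    text = line.split("#", 1)[0].strip()  # assumed: '#' starts a comment
    if not text:
        return []
    try:
        if "-" in text:  # assumed range syntax: first-last, inclusive
            first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.IPv4Network(text, strict=False)]
    except ValueError:
        return []  # malformed line or reversed range: never emit it to the router


def build_rsc(lines, list_name=LIST_NAME):
    """Collapse all entries into the fewest CIDR blocks and render an importable .rsc."""
    nets = [n for line in lines for n in parse_entry(line)]
    collapsed = list(ipaddress.collapse_addresses(nets))
    out = ["/ip firewall address-list", f"remove [find list={list_name}]"]
    for net in collapsed:
        addr = str(net.network_address) if net.prefixlen == 32 else str(net)
        out.append(f"add list={list_name} address={addr}")
    return "\n".join(out) + "\n", len(collapsed)


# Constructed sample input (documentation address ranges), not a real blocklist.
SAMPLE = """\
# constructed test data
192.0.2.0-192.0.2.255
192.0.2.17
198.51.100.0/25
198.51.100.128/25
203.0.113.5
203.0.113.4
not-an-address
203.0.113.9-203.0.113.1
"""

if __name__ == "__main__":
    script, count = build_rsc(SAMPLE.splitlines())
    print(script, end="")
    print(f"# {count} entries after collapsing")
```

Six valid input lines become three address-list entries here; how much a real list shrinks depends on how contiguous its ranges are.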