MikroTik

Here my most simple and effective method.
_____________________________________________________________________________________________
/ip f f
a ac=d ch=forward p2=all
a ac=d ch=forward in-i=e3 prot=udp cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:"
a ac=d ch=forward in-i=e3 prot=tcp cont="info_hash=" dst-p=2710,80 com="torrent /announce..."

rule №1 - Classic non-security torrent - It is a little used
rule №2 - block outgoing DHT (for .torrent and magnet )
rule №3 - block outgoing TCP announce (for .torrent) or Layer7 Rule - [\?\&]info_hash=.?\%
______________________________________________________________________________________________
this rule №4 - prohibits download .torrent files.
a ac=d ch=forward cont="\r\nContent-Type: application/x-bittorrent" out-i=e3 prot=tcp src-p=80 com=".torrent \r\nContent-Type...."

Rule №4 - version 2.
a ac=d ch=forward cont="\r\n\r\nd8:announce" out-i=e3 prot=tcp src-p=80 com=".torrent \r\nContent-Type...."

Paste this command only from the console. Because there is \r\n
_______________________________________________________________________________________________
this rule №5 - block LocalBroadcast OutGoing Torrent UDP (Destination MAC: 01:00:5E:40:98:8F)(Destination IP: 239.192.152.143:6771) (It is not required, Not necessarily)
a ac=d ch=forward cont="\r\nInfohash: " in-i=e3 prot=udp dst-p=6771 com="torrent 6771 block Local Broadcast ..."
Or it is even simpler - rule №5
a ac=d ch=forward in-i=e3 pr=u dst-p=6771
Paste this command only from the console. Because there is \r\n
________________________________________________________________________________________________

e3=ether3 - LAN



Tested on
uTorrent 3.30
Azureus 2.5.0.0
BitTorrent/4.1.2
BitComet/1.36.5.2
mediaget/2.01.2359

I used sniffer CommView

________________________________________________________
DHT Outgoing UDP:

È.©!âq..BÔFÙ..EX
._.u..r.YÜÕ¨:’À¨
..‹k .Kk#d1:ad2
:id20:.×Ù¹¾Z5~'H
óYT….Tu³?e1:q4:
ping1:t4:U&.—1:v
4:UTs¹1:y1:qe

________________________________________________________
ANNOUNCE Outgoing TCP

GET /scrape.php?ak=11c35dbe37&&info_hash=%f7%9f%25%e6XA%e8bJ%27%3c%a0%7d%fa%8cQ%fd%3e%e3%c5 HTTP/1.1
Host: tracker.tfile.me %87%ee%ac9%95%e5%2f%acQw%cc%80%a9%bf%ea%e6%02%
User-Agent: uTorrent/3300(29544)
Accept-Encoding: gzip
Connection: Close

GET /001deb4fb4e08d85d887783284607ce2/scrape?info_hash=y%87%ee%ac9%95%e5%2f%acQw%cc%80%a9%bf%ea%e6%02%16_ HTTP/1.1
Host: bt.nnm-club.ru:2710
User-Agent: uTorrent/3300(29544)
Accept-Encoding: gzip
Connection: Close

User-Agent: uTorrent/3300(29544)
User-Agent: Azureus 2.5.0.0
User-Agent: BitTorrent/4.1.2
User-Agent: BitComet/1.36.5.2
User-Agent: mediaget/2.01.2359/
User-Agent: Mozilla/4.0

________________________________________________________
.torrent-link - Incoming TCP

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 07 Jun 2013 01:28:52 GMT
Content-Type: application/x-bittorrent
Content-Length: 13096
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: phpbb2mysql_4_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A7%3A%221960783%22%3B%7D; expires=Sat, 07-Jun-2014 01:28:50 GMT; path=/; domain=.nnm-club.ru
Set-Cookie: phpbb2mysql_4_sid=6145015fdfbd1249988a0d51c227a91b; path=/; domain=.nnm-club.ru
Content-Disposition: attachment; filename="[NNM-Club.ru]_Kisti.torrent"
X-Backend-Status: BYPASS
X-Frontend-Status: BYPASS

d8:announce68:
http://bt.nnm-club.ru:2710/001deb4f8ee5 ... e-listll68:
http://bt.nnm-club.ru:2710/001deb4f8ee5 ... announce70:
http://bt.nnm-club.info:2710/001deb4f8e ... ounceel189:
http://retracker.local/announce.php?size=73663513
&comment=http%3A%2F%2Fnnm-club.ru%2Fforum%2Fviewtopic.php%3Fp%3D5651127
&name=%CA%E8%F1%F2%E8+-+%CA%E8%F1%F2%E8+%E4%EB%FF+Photoshop+%5BABR%5Dee7:comment48:
http://nnm-club.ru/forum/viewtopic.php? ... 10:created by13:uTorrent/204013:creation datei1369771330e8:encoding5:
UTF-84:infod5:filesld6:lengthi393490e4:pathl5:1.jpgeed6:lengthi220755e4:pathl5:2.jpgeed6:lengthi903549e4:pathl5:3.jpgeed6:
lengthi490880e4:pathl8:bone.abreed6:lengthi1116986e4:pathl24:chokingonstatic_film.abreed6:lengthi1662462e4:pa.......

________________________________________________________
BroadCast Local Torrent OutGoing UDP

BT-SEARCH * HTTP/1.1
Host: 239.192.152.143:6771
Port: 41104
Infohash: 47B5A38DD14EC71478EC503B7E3E19E61E230A41

Thanks for sharing

great work .....

thanks.

Look like works only for nnm-club tracker...

№2 has been added from nnm-club and really blocked, №1,3 from another's trackers..

Give me the URL of trackers
I will check more

Give me the names of trackers
I will check more

tfile.me

I Fixed the rule №2. Пользуйтесь на здоровье.
You check how it works

I checked these torrents - All successfully blocked

tfile.ru
opensharing.org
rutor.org
sharlet.net
fast-torrent.ru
torrent-poisk.com
hdreactor.org
unionpeer.org
streamzone.org
megashara.com
riper.am
goldenshara.com
seedoff.net
kinomagia.tv
torrent.rus.ec
pirat.ca
kinozal.tv
kinokopilka.ru
bigtracker.org
torzona.ru
bigtracker.org
torzone.org
tsearch.iimedia.ru

Hi, can you please re-post the updated commands?

Thanks

Add to wiki?

Add to wiki?

+1

In The Mikrotik All commands can be shortened
example:

/ip f f ----> / ip firewall filter
a ac=d ch=forward ----> add action=drop chain=forward

can you please post updated commands

how can i use for below scenario including with squid server.

thank you

/ip firewall filter
add action=drop chain=forward disabled=no p2p=all-p2p
add action=drop chain=forward comment="torrent dht out magnet" content=d1:ad2:ad20 disabled=no dst-port=1025-65535 packet-size=95-190 protocol=udp
add action=drop chain=forward comment=info_hash content=info_hash disabled=no dst-port=2170,80 protocol=tcp

Is the above mentioned a correct interpretation of what has been suggested. I have only not mentioned the IN-INTERFACE so that any traffic detected on any port is stalled.
Is the dst-port=2170.80 correct.
Please suggest.

Updated commands without 'IN INTERFACE' defined because not all of us have an E3 interface

/ip f f
a ac=d ch=forward p2=a
a ac=d ch=forward pr=u cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:"
a ac=d ch=forward pr=t cont="info_hash=" dst-p=2710,80 com="torrent /announce..."

You can then edit with Winbox the 2nd and 3rd rule for the IN Interface to be from your user network.

not work at all with vuze
ant i tested some torrent downloads, the rule is not working for me
but torrent-traffic is perfectly block for uTorrent and MediaGet

I have implemented these rules successfully a few days ago. I would like to create routing marks out of those rules to be albe to route p2p through a different gateway. If anyone has done that already please let me know.

ros code

add action=drop chain=forward comment="TORRENT No 1: Classic non security torrent" disabled=no p2p=all-p2p
add action=drop chain=forward comment="TORRENT No 2: block outgoing DHT" content=d1:ad2:id20: disabled=no dst-port=1025-65535 packet-size=95-190 protocol=udp
add action=drop chain=forward comment="TORRENT No 3: block outgoing TCP announce" content="info_hash=" disabled=no dst-port=2710,80 protocol=tcp
add action=drop chain=forward comment="TORRENT No 4: prohibits download .torrent files. " content="\r\nContent-Type: application/x-bittorrent" disabled=no protocol=tcp src-port=80
add action=drop chain=forward comment="TORRENT No 5: 6771 block Local Broadcast" content="\r\nInfohash:" disabled=no dst-port=6771 protocol=udp

when i paste the code into the winbox terminal i get this error

you forgot the "add" in front of your comment, thats why it fails on the syntax.

when i even add the add it is still the same error i am using ros 6.3 version

when i even add the add it is still the same error i am using ros 6.3 version

thr seems to be an extra space after"="

when i even add the add it is still the same error i am using ros 6.3 version

i thing u have extra space after"="

Works for me - Good work!

Tested on secure encrypted and non secured torrents.
I wonder if you can take this concept and shape the traffic instead of dropping everything.
I created some mangles instead of filters by marking the connections and packets and adding that to a queue.
It works with no secured torrents in some way (only downloaded traffic), but when I encrypt the torrents, it has a mind of its own.
The queue is fully occupied but traffic is still more than specified.

Here is what I've got.

/ip firewall mangle
add action=mark-connection chain=forward comment=\
"TORRENT No 1: Classic non security torrent" disabled=yes \
new-connection-mark=dst-p2p-conn p2p=all-p2p
add action=mark-packet chain=forward connection-mark=dst-p2p-conn disabled=\
yes new-packet-mark=dst-p2p-packet
add action=mark-connection chain=forward comment=\
"TORRENT No 2: block outgoing DHT" content=d1:ad2:id20: disabled=yes \
dst-port=1025-65535 in-interface=ether1 new-connection-mark=p2p-out-DHT \
packet-size=95-190 protocol=udp
add action=mark-packet chain=forward connection-mark=p2p-out-DHT disabled=yes \
new-packet-mark=dst-p2p-packet

/queue simple
add disabled=yes limit-at=1M/1M max-limit=1M/1M name=p2p packet-marks=\
dst-p2p-packet target=""

Is it maybe possible to make this work

sontrava, your two rules doesn't work for me. The utorrent keeps connecting and downloading.

sontrava, your two rules doesn't work for me. The utorrent keeps connecting and downloading.

That should do it. Send me your e-mail. I will help you.

i applied the firewall and it works but what i want to do now is to allow certain ips or disable firewall at 12pm in the evening and end at 6pm

info (at) tamax.com.ar

Should it stop the downloading once it is started or only works for new downloads?

Thank you

to lilproten

you can use scheduler to enable/disable firewall rules at given hours

Thanks Its Work for Me

please with respect to this firewall and mangle rules how do you use the scheduler anybody with knowledge on that and has done that...

secondly someone should help us in terms of limiting the speed of such traffic (p2p)

please with respect to this firewall and mangle rules how do you use the scheduler anybody with knowledge on that and has done that...

secondly someone should help us in terms of limiting the speed of such traffic (p2p)

+100
We really do want to this shaping rules instead of just blocking!
Pls someone who familiar with mangle and shaping rules try to make working ones

To the wiki... and beyond!

does skype working after applying any listed here rules?
I remember, i added rule like
forward - all-p2p - drop
and skype wouldn't work.

I try it, and works fine, but layer 7 http://l7-filter.sourceforge.net/layer7 ... orrent.pat works better in one rule (I use it in mangle)

If I'm working with PPP the times you use out/in interface "e3" in the rules 2, 4 and 5, Should I replace it with "!WAN" to select not only the LAN interface but also the virtual ppp sessions?

I entered manual all the lines the "\r\n" does not appear in the rules once entered. Should I edit the rule and add it manually?

Thank you

Hello all,
Can i have the firewall rule to block the torent as you guys suggested. I want to implement it in my network

the rules does not work for ppp sessions. Only work for static IP addresses. What shoud I change to block torrent on PPP?

Thank you

Does not work rule. What could it be?

Works perfectly so far on my wifi hotspot interface. Thank you!

2 all & baxim69

Working, except of teredo hole (windows Vista,7,...).
Additionally drop forward dst-port udp 3544.
And all be quiet.

can someone help me,
why i get the error "expected end of command (line 1 column 19)" in terminal when i right click to paste the command bellow. "p"r=udp is highlighted

a ac=d ch=forward in-i=ether2-master-local pr=udp cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:"

RB411R v.4.17

Works perfectly on my wifi hotspot interface. Thank you!

The blocking scheme doesnt work at me.
I tried other versions too, with packet/connection marking and L7 stuff, without any result.
Client utorrent, router RB951G-2HnD with RouterOS 6.11

This has worked well for utorrent for me.

If I add these rules without adding an interface they should work with all interfaces correct? PPP clients are still downloading torrents and the only thing that is different is I have not added the interfaces,

Until traffic is encrypted as the clients use in usual and in the most cases, there is no chance to block any p2p traffic with stuff based only on L7 traffic recognizing or on L7 pattern detection.

HI,

how can we apply these rules for specific IP address in local network?

thank you,

Ven

dears
i have RouterBOARD 750 GL
and need to disable all torrent actions in my network
how to do it
note : i have very low experience in mikrotik router

can someone help me,
why i get the error "expected end of command (line 1 column 19)" in terminal when i right click to paste the command bellow. "p"r=udp is highlighted

a ac=d ch=forward in-i=ether2-master-local pr=udp cont="d1:ad2:id20:" dst-p=1025-65535 packet-s=95-190 com="torrent-DHT-Out-Magnet d1:ad2:id20:"

Change "pr=udp" to "pro=udp"

Same with tcp on the next lines.

nice method ,, I will try soon ,, I need to ask you about how can I block app viber in (android and iPhone ) from mikrotik server ,,?
if you have idea plz comment here ,,

Thanks

can i use these rules without specifying the interfaces. I have 3 ppp interfaces as Wan and 10 interfaces as LAN

Не блокирует торрент траффик. Использовал первые 3 правила.

most trackers do not use DHT, local peer discovery, and peer exchange.

this rules catch torrent using protocol encryption??

Those rules block peer discovery, afaics. They don't block p2p itself.

Is anyway to use this rules to mark ongoing p2p traffic? thanks

personally i think is better to allow torrent but throttling it to give it a priority below other services

personally i think is better to allow torrent but throttling it to give it a priority below other services

Can u give us and example with code?

i take the example of this page and customize it

https://www.mikrotik-routeros.com/2014/ ... rees-v6-0/

the concept is this give me some time to upload the code

in this schemma indirectly torrent traffic get on queue others big or queue udp no voip, you give that queues the lowest priority and its done