Is Traffic Shaper the best solution to block Torrents?

stramato · Aug 12, 2010, 5:51 AM

I just want to BLOCK torrenting (any kind).

Is pfSense Traffic Shaper the best solution for this?

Gob · Aug 12, 2010, 6:17 AM

I believe the best method is to use Layer 7 filtering, but that is a PfSense 2.0 feature only. Can you wait a little while longer for v.2?

stramato · Aug 13, 2010, 1:14 AM

@Gob:

I believe the best method is to use Layer 7 filtering, but that is a PfSense 2.0 feature only. Can you wait a little while longer for v.2?

I just installed BETA4 to check it out. Is it this one?

I will try to test it. Is it working here in BETA4? Thanks :)

Gob · Aug 13, 2010, 5:57 AM

That's the one. I think you now have to assign that policy to a firewall rule.

joe_adk · Aug 13, 2010, 8:10 AM

Although L7 is the best way, keep in mind that this still won't work for encrypted torrent traffic.

stramato · Aug 13, 2010, 11:11 AM

@joe_adk:

Although L7 is the best way, keep in mind that this still won't work for encrypted torrent traffic.

Hmm, are these the Torrent files with the "padlock" icon when I browse through say, btjunkie or piratebay?

What can we do about it?

Rampage · Aug 14, 2010, 4:08 PM

bittorrent traffic encryption is defined by peers, and is not an information stored in the torrent file.

you can configure your torrent client to talk only with other peers that are using encryption and so on.

as far as i know there is no way to perform DPI on encrypted data, so the filter won't work since it cant identify the traffic.

Implementing it is not a bad idea tho, couse it can filter many users out, not all, but many, and eventually you can add some other rules that may result annoying for bittorrent users, like preventing HTTP traffic on ports commonly used by bittorrent to communicate with the tracker for retrieving peers list.

remember that even with layer 7 filtering, skilled users will always find a way to evade, but it's a metter of stopping the common users, who are the majority.

Rampage · Aug 14, 2010, 6:10 PM

is there a "NOT" for the protocols in the layer7 tab?

couse i would like to apply a layer 7 rules for most ports to perform protocol filtering.

it would be usefull to have something like "block all non http protocol" so that it can be applied to, for instance, the rule that says to permit traffic on port 80

in this way i would be able to block all protocols except http
then create other pools for FTP, MAIL and other protocols to assign to respective port rules.

omotobs · Aug 24, 2010, 2:08 AM

its works for me, I use pfsense 1.2.2 and I use traffic shapping not actually block torrent downloads but to limit its download speed to 1k of download and upload speed.

pran · Aug 30, 2010, 9:27 AM

For 99% of the users on the network, blocking/shaping bittorrent traffic using commonly-used ports seems to be effective. For the 1% who got through, you can use other means of tracking them down.