Limit torrent traffic (2.0 Final)
-
I can't find out how to limit torrent traffic. I've tried all sorts of combinations with Layer7, limiters and (floating) rules.
I even tried limiting all UDP/TCP traffic on an interface (with a non-floating rule), that's the only time I actually saw something happening on the "Limiter info" page. But when monitoring the traffic graph for the interface, speeds way exceeded the 50kb/s limit I tried to put on them.
Why is there no simple howto? I even saw everything being configured on the EuroBSD Con and thought I could configure it now but no matter how hard I try, I just can't get any results. >:(
-
Hi,
I tried Layer7 filtering/blocking for torrent yesterday, too.
And in the afternoon I had a discussion with anothr pfsense user who tried this in the past without success, too.I created a Layer7 container with bittorrent and "block". Added this container to a "Pass" firewall rule with TCP/UDP on the top of all other rules and it didn't work. Perhaps the pfsense bittorrent filter does not match the data stream of the torrent protocol (anymore).
-
Well now days most of bit torrent is encrypted so not many filters will catch it, no?!
-
Currently, a viable way to limit P2P traffic (which is mostly encrypted) would be to try to prioritize as many "known" services as practical (e.g. dns, http, smtp, pop, imap etc) and then just put all the rest (which would include P2P) in "bulk traffic" category with low bandwidth.
L7 might be used to identify & classify certain protocols that also encrypt their traffic, e.g. Skype (I posted about it in this sub-forum a few weeks ago).
Another way that I've considered would be to use pf's max-src-conn-* options to limit the total number of open connections for each IP, but pfsense currently puts the "offending" IPs into the <virusprot>table and thus blocks them altogether…
To clarify, I'd like to define an alias known_ports = "{ 22, 25, 53, 80, 443, etc }" and then add a fw rule
from LANnet
to any
port !known_ports
max-src-conn-rate 4/60Since P2P connections tend to be numerous, short and bursty, with the only common parameter being the src-IP (the client running the P2P software), I would think it would throttle them down a bit.</virusprot>