Netgate Discussion Forum

    PfSense 2.0-RC2: block utorrent's uTP connections?

      pekmop1024

      Is it possible with standard pfSense 2 tools?

      UPD: I have working iptables rules for this case. Could anyone tell me how to convert them for pfSense?

      iptables -I FORWARD 1 -m udp -p udp -m string --hex-string "|7FFFFFFFAB|" --algo kmp --from 40 --to 44 -m statistic --mode random --probability 0.90 -j REJECT --reject-with icmp-port-unreachable
      iptables -I FORWARD 2 -m udp -p udp -m string --hex-string "|7fffffff0003|" --algo kmp --from 36 --to 41 -m statistic --mode random --probability 0.90 -j REJECT --reject-with icmp-port-unreachable
      iptables -I FORWARD 3 -m udp -p udp -m string --hex-string "|0000000000380000|" --algo kmp --from 36 --to 43 -m statistic --mode random --probability 0.90 -j REJECT --reject-with icmp-port-unreachable
      
        tbaror

        @pekmop1024:

        Is it possible with standard pfSense 2 tools?

        UPD: I have working iptables rules for this case. Could anyone tell me how to convert them for pfSense?

        iptables -I FORWARD 1 -m udp -p udp -m string --hex-string "|7FFFFFFFAB|" --algo kmp --from 40 --to 44 -m statistic --mode random --probability 0.90 -j REJECT --reject-with icmp-port-unreachable
        iptables -I FORWARD 2 -m udp -p udp -m string --hex-string "|7fffffff0003|" --algo kmp --from 36 --to 41 -m statistic --mode random --probability 0.90 -j REJECT --reject-with icmp-port-unreachable
        iptables -I FORWARD 3 -m udp -p udp -m string --hex-string "|0000000000380000|" --algo kmp --from 36 --to 43 -m statistic --mode random --probability 0.90 -j REJECT --reject-with icmp-port-unreachable
        

        Hi
        As far as I know, no, but you have Layer7 functionality that does the same job.
        Under Firewall: Traffic Shaper: Layer7, you create a new P2P group and assign bittorrent and e-donkey to it.
        Next, you assign this group in your local LAN allow-outbound rule: under Advanced features, in Layer7, you choose the pre-configured Layer7 group you created previously, and you are done.
        Other than that, there is the excellent SNORT package; there you get a whole rule section for P2P or whatever type of protocol you can think of for blocking.
        Regards

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.