Blocking torrents with time schedule
-
I'm trying to block torrents during the day and allowed at night. But the rule isn't working.
Torrents still work but none of the rules are showing states or traffic passing
therefore, how are torrents getting out ? - I've tried clearing states but that didn't do anything.What the issue seems to be is stopping torrents. The timed pass torrent rule works starting and killing existing states but torrents continue to download without any states or data showing anywhere ?
-
1.blocking torrents is a pain ... its unlikely u'll succeed with just blocking ports. you'll need some sort of dpi (snort/surricata)
2.source-ports are not the same as destination ports, that's probably why your rules don't match any traffic -
That's more or less what I've concluded. What I don't understand is if some other ports get opened where do they 'get out' if there's not a rule for them ?
-
they can go out any port ....
as far as i can tell, you allow DNS/HTTPS/HTTP ....
-
Ok, I assumed it needed a rule to allow torrent data out, unless it already has a state set with another rule and if that rule time schedule expires that state would be killed stopping that data out through that rule.
-
It appears snort or surricata will not do scheduling. I think I'll abandon the idea...
