Block p2p with squid

  • If I install Squid on my pfSense box, and block all outgoing ports, and force people to change their browser settings to use the proxy, would this block p2p things like BitTorrent and LimeWire?


  • Assuming they aren't proxy capable, yes.

    Don't forget you'll need to allow DNS and DHCP to the pfSense server.

  • Block the ports with fw rules, allowing only the required ports like 53/UDP, 110, 25, etc., and then two words added to the blacklist, like "announce" and "tracker", will possibly block p2p apps.

  • uTorrent will get out on a single open port including DNS. I have been unsuccessful in being able to completely block p2p. More and more p2p torrent applications will tunnel their way through anything.
    Even if you block every single tracker out there, DHT will still work.

    If this is for a work environment or a place where there are professional consequences then the only way to handle p2p traffic completely is to have your users sign an agreement and hold them accountable when that agreement is broken.
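
The replies above rely on forcing traffic through Squid and then holding users accountable. The following is an added example, not code from any poster in this thread, that scans Squid's native access.log for HTTP tracker announces and for CONNECT tunnels to ports other than 443. The log lines are constructed samples, the allowed-port set is an assumption, and query strings only appear in the log when `strip_query_terms off` is set in squid.conf.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1700000000.101    120 192.168.1.20 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1700000001.202     95 192.168.1.31 TCP_MISS/200 410 GET http://tracker.example.net:6969/announce?info_hash=%12%34%56&peer_id=-XX0001-abcdefghijkl&port=51413&left=0 - HIER_DIRECT/203.0.113.20 text/plain
1700000002.303  30010 192.168.1.31 TCP_TUNNEL/200 90211 CONNECT 198.51.100.7:51413 - HIER_DIRECT/198.51.100.7 -
1700000003.404    210 192.168.1.20 TCP_TUNNEL/200 8123 CONNECT www.example.com:443 - HIER_DIRECT/203.0.113.10 -
1700000004.505     12 192.168.1.44 TCP_DENIED/403 3900 GET http://news.example.org/tracker-free-browsing - HIER_NONE/- text/html
"""

ALLOWED_CONNECT_PORTS = {443}  # assumption: only HTTPS tunnels are expected


def classify(line):
    """Return (client_ip, reason) for a suspicious log line, else None."""
    fields = line.split()
    if len(fields) < 7:
        return None  # malformed or truncated entry
    client, method, url = fields[2], fields[5], fields[6]
    if method == "CONNECT":
        port = url.rpartition(":")[2]
        if not port.isdigit() or int(port) not in ALLOWED_CONNECT_PORTS:
            return client, "CONNECT to non-HTTPS port " + port
        return None
    parts = urlsplit(url)
    # Match the announce request itself, not the bare word "tracker":
    # the path check still works when Squid strips query terms from the log.
    if parts.path.endswith("/announce") or "info_hash" in parse_qs(parts.query):
        return client, "tracker announce to " + parts.netloc
    return None


def suspects(log_text):
    """Group suspicious entries by client IP, in log order."""
    hits = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            hits.setdefault(result[0], []).append(result[1])
    return hits


if __name__ == "__main__":
    for client, reasons in suspects(SAMPLE_LOG).items():
        print(client, reasons)
```

The last sample line contains the word "tracker" in an ordinary URL and is not flagged, which is the kind of request a plain keyword blacklist would catch by mistake. DHT and encrypted peer traffic never appear as announces, so this only covers what actually passes through the proxy.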
