<![CDATA[Implementing Torrent Blocking with Layer7]]>I'm trying to implement bit torrent blocking with the help of Layer 7, to no avail.

What I've done so far:-

Created a L7 group, added a rule for bittorrent - action - block.

I've created a rule in Floating table on the lan interface, action: pass, direction: any, protocol tcp/udp, source: any, dest: any, Layer 7: aforementioned L7 group.

This does not seem to function - uploads seem slow for the torrents, but I do not know if this is a coincidence or not.

I've tried clearing the state table as well as adding http to the rule and testing, with no results.

I'm unsure what else to try? Is it a case that it's doing a fair job of blocking uploads, or is it just not working at all?

As another route, I tried the traffic shaping wizard (multi-lan, single-wan), setup p2p catch all and gave it 2%. The trouble is that this seemed to apply to all traffic - including HTTP.

]]>https://forum.netgate.com/topic/39070/implementing-torrent-blocking-with-layer7RSS for NodeTue, 09 Jun 2026 23:56:40 GMTFri, 11 Nov 2011 12:23:12 GMT60<![CDATA[Reply to Implementing Torrent Blocking with Layer7 on Sat, 12 Nov 2011 12:36:41 GMT]]>In other threads there were discussions about only allowing ports which are in general only used for legal traffic (http,https,pop3,…) and the same for traffic shaper.
Giving high priority to "legal" traffic and only low priority for "unknown" traffic.

This will not block torrent at all but perhaps slow down it.

For blocking other downloads I am using squid and squidguard and blocking torrent in URL and the well known filehoster as rapidshare, uploaded.to and so on.

There are some (free) blacklists for squidguard but they are blocking oftem more than I just want to.
You can give it a try of course!

http://www.shallalist.de/
http://urlblacklist.com/

]]>https://forum.netgate.com/post/304144https://forum.netgate.com/post/304144Sat, 12 Nov 2011 12:36:41 GMT<![CDATA[Reply to Implementing Torrent Blocking with Layer7 on Sat, 12 Nov 2011 01:45:13 GMT]]>Hi, I do indeed remember.

That is interesting.

Have you looked in to any other solutions for Torrent blocking? P2P catchall doesn't seem to be working for me, and appears to have a fairly serious impact on HTTP throughput.

Is there perhaps a squid blacklist for known torrent-sites and trackers?

]]>https://forum.netgate.com/post/304112https://forum.netgate.com/post/304112Sat, 12 Nov 2011 01:45:13 GMT<![CDATA[Reply to Implementing Torrent Blocking with Layer7 on Fri, 11 Nov 2011 18:07:29 GMT]]>Hi,

we talked on IRC some hours ago.

I did a new test on my system with blocking http traffic on layer7. This is what I did:

1. FIREWALL -> Traffic Shaper -> Layer7
2. Create Layer7 rule
3. Enable
protocol: http
structure: action
behaviour: block
4. Save

Create a firewall rule on LAN tab on top of all other rules with protocol TCP/UDP and then scroll down to advanced options and select the layer7 container you created for http blocking.
No need for floating rules!

This is working for me. Test with:

http://www.google.de
and
https://www.google.de

The same way I configured traffic shaper for bittorrent but it is not working.
As I said on IRC this depends how the bittorrent client establishes connection. Often it is encrypted and so the layer7 filters could not work.

]]>https://forum.netgate.com/post/304056https://forum.netgate.com/post/304056Fri, 11 Nov 2011 18:07:29 GMT