Implementing Torrent Blocking with Layer7



  • I'm trying to implement BitTorrent blocking with the help of Layer 7, to no avail.

    What I've done so far:

    Created an L7 group and added a rule for BitTorrent, action: block.

    I've created a rule in the Floating table on the LAN interface, action: pass, direction: any, protocol: TCP/UDP, source: any, destination: any, Layer 7: the aforementioned L7 group.

    This does not seem to function. Uploads seem slow for the torrents, but I do not know whether this is a coincidence or not.

    I've tried clearing the state table as well as adding HTTP to the rule and testing, with no results.

    I'm unsure what else to try. Is it a case of it doing a fair job of blocking uploads, or is it just not working at all?

    As another route, I tried the traffic shaping wizard (multi-LAN, single-WAN), set up P2P Catch All and gave it 2%. The trouble is that this seemed to apply to all traffic, including HTTP.



  • Hi,

    We talked on IRC some hours ago.

    I did a new test on my system, blocking HTTP traffic with Layer7. This is what I did:

    1. FIREWALL -> Traffic Shaper -> Layer7
    2. Create Layer7 rule
    3. Enable
       protocol: http
       structure: action
       behaviour: block
    4. Save

    Create a firewall rule on the LAN tab, on top of all other rules, with protocol TCP/UDP, then scroll down to the advanced options and select the Layer7 container you created for HTTP blocking.
    No need for floating rules!

    This is working for me. Test with:

    http://www.google.de
    and
    https://www.google.de

    I configured the traffic shaper for BitTorrent the same way, but it is not working.
    As I said on IRC, this depends on how the BitTorrent client establishes the connection. Often it is encrypted, so the Layer7 filters cannot work.
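An added illustration, not code from the original thread, of why a Layer7 pattern match catches plaintext HTTP and plaintext BitTorrent but misses an encrypted BitTorrent connection. The signature is a simplified one constructed for this example (modelled loosely on the l7-filter "bittorrent" pattern, not the exact upstream regex), and all payloads are constructed samples rather than captured traffic.

```python
import hashlib
import re

# Simplified layer7-style signature for BitTorrent (constructed for this
# example; not the exact l7-filter regex). It matches the plaintext peer-wire
# handshake (BEP 3) and HTTP tracker announce/scrape requests.
BT_SIGNATURE = re.compile(
    rb"^\x13BitTorrent protocol"
    rb"|^GET /(announce|scrape)\?[^\r\n]*info_hash=",
)


def classify(first_payload: bytes) -> str:
    """Classify a connection from the first payload bytes the client sends."""
    return "bittorrent" if BT_SIGNATURE.search(first_payload) else "unknown"


def pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for the random-looking bytes an MSE/PE client emits."""
    out = b""
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return out[:n]


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    # Plaintext handshake: pstrlen, "BitTorrent protocol", 8 reserved bytes,
    # 20-byte info_hash, 20-byte peer_id.
    "plain_handshake": b"\x13BitTorrent protocol" + bytes(8)
    + b"\x11" * 20 + b"-XX0000-" + b"A" * 12,
    "tracker_announce": b"GET /announce?info_hash=%11%11&peer_id=-XX0000-"
    b" HTTP/1.1\r\nHost: tracker.example\r\n\r\n",
    # MSE/PE: the client opens with a 96-byte Diffie-Hellman public key plus
    # random padding instead of the handshake string, so there is no fixed
    # byte sequence for the pattern to match.
    "encrypted_handshake": pseudo_random(96 + 40),
    "plain_http": b"GET / HTTP/1.1\r\nHost: www.google.de\r\n\r\n",
}


def detection_report() -> dict:
    """Run the signature over every sample to show what layer7 would classify."""
    return {name: classify(payload) for name, payload in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in detection_report().items():
        print(f"{name:20s} -> {verdict}")
```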



  • Hi, I do indeed remember.

    That is interesting.

    Have you looked into any other solutions for torrent blocking? P2P Catch All doesn't seem to be working for me, and appears to have a fairly serious impact on HTTP throughput.

    Is there perhaps a Squid blacklist for known torrent sites and trackers?



    In other threads there were discussions about only allowing ports which are in general used only for legal traffic (http, https, pop3, …), and the same for the traffic shaper:
    giving high priority to "legal" traffic and only low priority to "unknown" traffic.

    This will not block torrents at all, but it may slow them down.

    For blocking other downloads I am using Squid and squidGuard, blocking torrent in the URL and the well-known file hosters such as RapidShare, uploaded.to and so on.

    There are some (free) blacklists for squidGuard, but they often block more than I want to.
    You can give it a try of course!

    http://www.shallalist.de/
    http://urlblacklist.com/

