Netgate Discussion Forum
    Want to block bittorrent in my network

      nearones

      I wanted to block BitTorrent and also messenger. I had configured it in Layer 7, but it's not working; maybe I missed some settings. Please guide me as to where I made a mistake.

      Regards,
      Prashant Chauhan
        marcelloc

        If you have other ports open, for example https, a torrent client can communicate via SSL with other nodes just like a web client, and no layer7 rule will match.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          nearones

          @marcelloc:

          If you have other ports open, for example https, a torrent client can communicate via SSL with other nodes just like a web client, and no layer7 rule will match.

          Then what is the way to block?

            marcelloc

            Allow access just to services/IPs you know and use a proxy to filter http/https.

            If you can't do this, instead of blocking p2p l7 traffic you can set a 10kbps bandwidth. This way clients can connect, but data transfers will be really slow.

              nearones

              @marcelloc:

              Allow access just to services/IPs you know and use a proxy to filter http/https.

              If you can't do this, instead of blocking p2p l7 traffic you can set a 10kbps bandwidth. This way clients can connect, but data transfers will be really slow.

              Sir, the solution you provided will slow down my other necessary file downloads too, and may also slow down my surfing. But instead of that, I have currently blocked the torrent client via my firewall, which is connected before my pfSense proxy, and it's working.

              I want to know, if it does not block things, then why is there Layer7, and how does it function?

                sokolum

                @nearones:

                @marcelloc:

                Allow access just to services/IPs you know and use a proxy to filter http/https.

                If you can't do this, instead of blocking p2p l7 traffic you can set a 10kbps bandwidth. This way clients can connect, but data transfers will be really slow.

                Sir, the solution you provided will slow down my other necessary file downloads too, and may also slow down my surfing. But instead of that, I have currently blocked the torrent client via my firewall, which is connected before my pfSense proxy, and it's working.

                I want to know, if it does not block things, then why is there Layer7, and how does it function?

                What about using Snort and blocking p2p that way? (I believe it was possible; I had to abandon Snort because it isn't working properly on 2.1 :-( )

                  nearones

                  @sokolum:

                  @nearones:

                  @marcelloc:

                  Allow access just to services/IPs you know and use a proxy to filter http/https.

                  If you can't do this, instead of blocking p2p l7 traffic you can set a 10kbps bandwidth. This way clients can connect, but data transfers will be really slow.

                  Sir, the solution you provided will slow down my other necessary file downloads too, and may also slow down my surfing. But instead of that, I have currently blocked the torrent client via my firewall, which is connected before my pfSense proxy, and it's working.

                  I want to know, if it does not block things, then why is there Layer7, and how does it function?

                  What about using Snort and blocking p2p that way? (I believe it was possible; I had to abandon Snort because it isn't working properly on 2.1 :-( )

                  I had resolved this issue by blocking it via my hardware firewall device; blocking of BitTorrent and TeamViewer, however, does not work via pfSense.

                  But my question to the Hero Member is: why is there Layer 7, what is its function, and how does it work, so that I can make use of it? I am asking on behalf of everyone; I request you to answer.

                  Thanks

                    marcelloc

                    You can use l7 rules, but if any client/server changes the way it communicates (for example ssl), l7 rules will not match on firewall tests. Blocking ports/services you do not know or want is the first step, in my opinion, to secure your network.

                      novacoresystems

                      Yeah, this is no easy undertaking. I'd say you could only block typical torrent traffic using L7 - but it would be easy for someone knowledgeable to get around it.

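The two points made in the thread (a payload signature stops matching once the traffic is inside SSL, and an allowlist of known services does not depend on the payload) can be compared side by side. This is an added example, not code from any poster or from pfSense; the signature patterns are simplified, and the allowlist ports, flow names and sample payloads are constructed assumptions.

```python
import re

# Simplified first-packet signatures in the style of L7 pattern rules (assumed,
# not pfSense's own patterns). The BitTorrent handshake begins with 0x13
# followed by the ASCII string "BitTorrent protocol".
SIGNATURES = {
    "bittorrent": re.compile(rb"^\x13BitTorrent protocol"),
    "http": re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n"),
    "tls": re.compile(rb"^\x16\x03[\x00-\x04]"),  # TLS handshake record header
}

# Hypothetical egress allowlist: DNS and the local proxy port only.
ALLOWED_EGRESS = {("udp", 53), ("tcp", 53), ("tcp", 3128)}

def classify(payload: bytes) -> str:
    """Name the first signature that matches the flow's first payload."""
    for name, pattern in SIGNATURES.items():
        if pattern.match(payload):
            return name
    return "unknown"

def l7_block_policy(flow: dict) -> str:
    """Pass everything except payloads recognised as BitTorrent."""
    return "block" if classify(flow["payload"]) == "bittorrent" else "pass"

def allowlist_policy(flow: dict) -> str:
    """Pass only listed protocol/port pairs, whatever the payload contains."""
    return "pass" if (flow["proto"], flow["dport"]) in ALLOWED_EGRESS else "block"

# Constructed sample flows (first payload bytes only; no real capture).
FLOWS = {
    "bt_plain": {"proto": "tcp", "dport": 6881,
                 "payload": b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"P" * 20},
    "tls_443": {"proto": "tcp", "dport": 443,
                "payload": b"\x16\x03\x01\x00\x2e" + bytes(46)},
    "via_proxy": {"proto": "tcp", "dport": 3128,
                  "payload": b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    "dns": {"proto": "udp", "dport": 53, "payload": bytes.fromhex("1a2b0100000100000000")},
}

def evaluate() -> dict:
    """Return {flow: (l7 class, l7 verdict, allowlist verdict)} for each sample."""
    return {name: (classify(f["payload"]), l7_block_policy(f), allowlist_policy(f))
            for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:10} class={result[0]:10} l7={result[1]:5} allowlist={result[2]}")
```

The L7 rule can only label the TLS flow as "tls" and passes it, while the allowlist blocks it because direct port 443 is not a listed service; web traffic is expected to reach the proxy, where http/https filtering happens.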