L7 block not working



  • Hi guys,

    I have one VLAN where I dont want to allow any torrent-traffic.
    For this I created one Layer7-Limiter, chose "bittorrent" and as "action" "block" .
    I then added this Limiter in the advanced options of my outgoing FW-Rule.

    But from my testclient I still can download torrents at high speeds.
    Where is my mistake?

    pfsense 2.0.1

    Regards
    T





  • ok, you want to tell me that the QOS is broken?

    EDIT:
    Ok, if it is broken:
    1. How can I check if it is broken?
    2. Is there something I need to turn on/check on some other config-files before using the L7-Blocker?

    EDIT2:
    Seems like I am not the only one havong this problem. HTTP-Traffice is easily blocked using a L7-Shaper, but bittorrent not. So I will try to use squid and block torrent downloads.
    Then this topic can be closed.

    Regards
    T



  • Yes, I am actually trying to get this to work correctly right now as well. For some reason, no matter what I do, the L7 filter never seems to catch Bittorrent traffic. I know if the traffic is encrypted it won't find it, but I checked my client and encryption is disabled.

    Really all I want is to make sure Bittorrent gets moved to the lowest possible queue, which seems simple but it doesn't work…

    If I'm not mistaken normally you would:

    • Add your rules to a L7 container and name it
    • Add a floating firewall rule to apply your TCP/UDP traffic to that container if it originates from LAN

    Yet, no matter how vague I get with my rules it does nothing, so I can only assume it's broken?



  • Same issues here. L7 torrent doesnt work for non encrypted torrent traffic but we can stop http with the L7 containers


Log in to reply