    Block P2P seems like mission impossible

Firewalling
    8 Posts 7 Posters 10.8k Views
rt_rex

      Hi everyone

I have one machine running pfSense; it's working as the gateway and also doing the PPPoE connection to my ISP (WAN PPPoE).

I am trying to block all P2P (all is very hard, but at least the most common). I am using Snort; I checked the Snort rules, the correct ports to block are configured and Block Offenders is enabled. But it does not block everything: it blocks the P2P upload (in the eMule case) but it does not block the download. >:(

I already read somewhere in the forum that some P2P also uses HTTP. Does this mean it's mission impossible to completely block it???

      thanks

Don't try this @home, go outside!
      WIFI Link @ 76 km
      Pfsense with 3G USB

mastrboy

You could proxy the HTTP connections; that should block out the P2P apps trying to use that port. Or you could write something like Check Point's SmartDefense for pfSense ;)

cmb

          There's no way to completely block P2P, even if we did have something like CheckPoint SmartDefense, because a lot of P2P apps now can encrypt their traffic and run over common ports, so it looks no different from say HTTPS or a VPN connection.

          The unencrypted ones should be blockable with snort, but I'm not familiar with that.

hoba

The Snort package has some P2P detection rules. In combination with the Block Offenders checkbox you can shut some of this traffic down (unless it's using the "stealth" techniques cmb already mentioned).

SPITwSPOTS

I have tried to use Snort to block P2P, but often the first IP in the alert is my WAN IP (which is whitelisted). Is it possible to have Snort block both IPs in the alert?

geauxtigers

Have you looked into a packet shaping appliance? I'm not sure if you want to spend much money, but shaping can at least help control P2P. You can get something like a NetEqualizer for a few thousand dollars.

SPITwSPOTS

We don't want to slow down the P2P, we want to stop the most common apps from working at all. It seems that Snort would be perfect for this if only it could be set to block both the src and dst IPs when an alert is generated.

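Added example (not code from the pfSense Snort package or from anyone in this thread) of the logic SPITwSPOTS asks for in the two posts above: parse Snort fast-format alert lines, take both endpoints of every P2P alert, and leave out only the addresses on a pass list (here the firewall's own WAN address). The alert lines, SIDs, rule messages and IP addresses below are constructed for the example.

```python
"""Decide which hosts to block from Snort fast-format alerts, using BOTH
endpoints of each alert rather than only the first one.

Added example, not pfSense/Snort package code; the alert lines, SIDs and
addresses below are constructed for illustration.
"""
import ipaddress
import re

# Layout of Snort's alert_fast output:
#   <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s*$"
)


def parse_alert(line):
    """Return a dict with gid/sid/rev/msg/proto/src/dst for one alert line,
    or None if the line does not look like a fast-format alert."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None


def is_p2p(alert):
    """Crude selector: the P2P rule categories carry 'P2P' in the message."""
    return "P2P" in alert["msg"].upper()


def hosts_to_block(lines, pass_list):
    """Collect every endpoint of every P2P alert, src and dst alike, except
    addresses covered by the pass list (the firewall's own WAN address and
    anything else that must never be blocked).  Returns a sorted list."""
    nets = [ipaddress.ip_network(n, strict=False) for n in pass_list]
    to_block = set()
    for line in lines:
        alert = parse_alert(line)
        if alert is None or not is_p2p(alert):
            continue  # unparseable line or a non-P2P rule: ignore
        for ip_str in (alert["src"], alert["dst"]):
            ip = ipaddress.ip_address(ip_str)
            if any(ip in net for net in nets):
                continue  # on the pass list: never block
            to_block.add(ip_str)
    return sorted(to_block, key=ipaddress.ip_address)


# Constructed sample alerts (SIDs and messages are made up for the example).
# 198.51.100.23 plays the role of the pfSense WAN address, which outbound NAT
# puts in the source field of alerts seen on the WAN interface.
SAMPLE_ALERTS = [
    "06/15-10:01:02.000001  [**] [1:9000001:1] EXAMPLE P2P client announce [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} "
    "192.168.1.50:51413 -> 203.0.113.7:6881",
    "06/15-10:01:05.000002  [**] [1:9000002:1] EXAMPLE P2P peer sync [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} "
    "198.51.100.23:40000 -> 203.0.113.9:6881",
    "06/15-10:01:07.000003  [**] [1:9000003:1] EXAMPLE SCAN unrelated probe [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} "
    "203.0.113.44:55555 -> 198.51.100.23:22",
    "this line is not an alert at all",
]

# Hypothetical pass list: the WAN address and the LAN gateway address.
PASS_LIST = ["198.51.100.23/32", "192.168.1.1/32"]

if __name__ == "__main__":
    for host in hosts_to_block(SAMPLE_ALERTS, PASS_LIST):
        print(host)
```

Run as a script it prints the three addresses to block from the constructed alerts: the LAN client, the remote peer it talked to, and the remote peer behind the alert whose source was the (passed) WAN address. Two caveats for anyone wiring this to a real block table: the pfSense Snort package's default pass list also contains the local networks, so with that list the LAN client would never be blocked, only the remote peers; and, as cmb points out above, this can only act on alerts the rules actually raise, so encrypted P2P on common ports produces nothing to parse.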
hadi57

                    hi

Use a traffic quota for every user, and if the traffic exceeds the quota then his internet will be blocked or slowed down to minimum bandwidth.

                    hadi57

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.