Layer 7 p2p is catching all my traffic and PASSing the non p2p

  • My layer 7 torrent filter is set to block torrent traffic (no shaping). I have a rule to pass my traffic to the l7 filter. Is the intended behavior to capture ALL my traffic and only block the ones that it sees as torrents and PASS all the other traffic?

    For example, I tested and applied 2 rules on my LAN interface (all other firewall rules disabled):

    1. PASS ALL rule with the layer 7 filter applied.
    2. DENY ALL

    This results in users having full internet (TCP/UDP traffic) access except for torrents (sometimes this layer 7 rule just doesn't work though). Is that how it's meant to work or is something broken on my side (transparent squid proxy perhaps)?

    I understand that technically this doesn't matter when using a DENY ALL because you won't need a layer 7 filter when you are only selectively allowing traffic on your network, but see below why I'm asking this.

    On a side note, I want to make sure that I'm applying this filter correctly. Most of the posts here are regarding shaping and queues so I'm not sure if this works the same.

    Floating Rules:

    Am I applying this to the right interfaces and in the right direction? With the above behavior of passing all other traffic I'm a bit worried to apply it to my WAN interface, but I also don't think it's needed because my WAN interface doesn't have any rules on it (thus implicit DENY)?

    I tried adding this filter to my PASS ALL on my LAN interface tab but then it didn't seem to work…

    Currently this filter sometimes works, other times torrents are coming through.

    Sorry for all the questions!
