    Layer 7 p2p is catching all my traffic and PASSing the non p2p

      Aburger last edited by

      My layer 7 torrent filter is set to block torrent traffic (no shaping). I have a rule to pass my traffic to the l7 filter. Is the intended behavior to capture ALL my traffic and only block the ones that it sees as torrents and PASS all the other traffic?

      For example, I tested and applied 2 rules on my LAN interface (all other firewall rules disabled):

      1. PASS ALL rule with the layer 7 filter applied.
      2. DENY ALL

      This results in users having full internet (TCP/UDP traffic) access except for torrents (sometimes this layer 7 rule just doesn't work though). Is that how it's meant to work or is something broken on my side (transparent squid proxy perhaps)?

      I understand that technically this doesn't matter when using a DENY ALL because you won't need a layer 7 filter when you are only selectively allowing traffic on your network, but see below why I'm asking this.

      On a side note, I want to make sure that I'm applying this filter correctly. Most of the posts here are regarding shaping and queues so I'm not sure if this works the same.

      Floating Rules:

      Am I applying this to the right interfaces and in the right direction? With the above behavior of passing all other traffic I'm a bit worried to apply it to my WAN interface but I also don't think it's needed because my WAN interface doesn't have any rules on it (thus implicit DENY)?

      I tried adding this filter to my PASS ALL on my LAN interface tab but then it didn't seem to work…

      Currently this filter sometimes works; other times torrents are coming through.

      Sorry for all the questions!
