BitTorrent (p2p) blocking or limiting on pfSense
-
How can I block or limit BitTorrent (p2p) on pfSense?
-
Naive torrent clients just use the standard ports, but most modern torrent clients use a mixture of TCP and UDP with random ports, all encrypted. Blocking torrent traffic is futile.
The only way to mostly stop torrenting is to block all traffic and force everything through a proxy. Technically, someone could tunnel torrent traffic through a proxy. It wouldn't be very fast for them, but it would work.
The lowest-hanging fruit is to block incoming ports, don't allow port forwarding, and whitelist which destination ports can be used: 80, 443, 8080, and other standard ones.
-
You can use Snort to block P2P using the Emerging Threats P2P category. Just set it up on the LAN or other internal interfaces so you can identify the computer being blocked.
Warning: setting up Snort is a time-consuming process that also uses RAM and CPU.
-
Snort can catch the low-hanging fruit, but it cannot detect trackerless or DHT traffic, or the actual transfers if encryption is enabled in BitTorrent. The BT protocol was semi-recently redesigned to be nearly impossible to detect other than by its bandwidth usage.
-
You can also detect it by the number of states the protocol consumes in the firewall. The protocol will use upwards of 10k states.
I had to do this at a customer site. I ended up just blocking the IP of the PC entirely in the firewall, reporting it to the owner, and removing the software. The offender was fired.
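Two of the replies above point at the same data: the "whitelist destination ports" advice in the second post and the "look at how many states a host holds" advice in the last one. The script below is an added example, not code from this thread or from the pfSense project. It reads the state table in the shape `pfctl -ss` prints on pfSense (the same data the Diagnostics > States page shows) and reports LAN hosts that hold a large number of states, plus every LAN host with states to destination ports outside an egress whitelist. The LAN prefix, the 500-state threshold and the port list are hypothetical defaults; the embedded sample is constructed to look like `pfctl -ss` output and is not captured data. Treat a hit as a pointer to investigate, since a busy web client behind NAT can also run up states.

```shell
#!/bin/sh
# Added example, not from the forum thread: parse pf's state table
# (`pfctl -ss` output) and flag LAN hosts that (a) hold an unusually large
# number of states and (b) have states to ports outside an egress whitelist.
# LAN_PREFIX, STATE_THRESHOLD and ALLOWED_PORTS are hypothetical defaults.

LAN_PREFIX="${LAN_PREFIX:-192.168.1.}"      # IPv4 LAN prefix to report on
STATE_THRESHOLD="${STATE_THRESHOLD:-500}"   # states per host before flagging
ALLOWED_PORTS="${ALLOWED_PORTS:-53 80 443 8080}"

# Turn `pfctl -ss` lines into "src_ip dst_port proto", one per state.
# Handles the plain form "src:port -> dst:port" and the NAT form
# "ext:port (int:port) -> dst:port"; inbound ("<-") states are skipped.
parse_states() {
    awk -v lan="$LAN_PREFIX" '
    /->/ {
        proto = $2; src = $3
        if ($4 ~ /^\(/) { src = $4; gsub(/[()]/, "", src) }   # NAT: internal addr
        for (i = 4; i <= NF; i++) if ($i == "->") { dst = $(i + 1); break }
        if (index(src, lan) != 1) next
        ip = src; sub(/:[^:]*$/, "", ip)        # strip :port (IPv4 only)
        port = dst; sub(/^.*:/, "", port)
        print ip, port, proto
    }'
}

# Hosts whose state count reaches the threshold: "ip count".
state_hogs() {
    parse_states | awk -v t="$STATE_THRESHOLD" '
    { c[$1]++ }
    END { for (ip in c) if (c[ip] >= t) print ip, c[ip] }' | sort
}

# States to destination ports not on the whitelist: "ip port count".
off_whitelist() {
    parse_states | awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok) { c[$1 " " $2]++ }
    END { for (k in c) print k, c[k] }' | sort
}

# Both reports from one copy of stdin.
report() {
    tmp=$(mktemp); cat > "$tmp"
    echo "== hosts with >= $STATE_THRESHOLD states =="; state_hogs < "$tmp"
    echo "== states to non-whitelisted ports =="; off_whitelist < "$tmp"
    rm -f "$tmp"
}

# Constructed sample in the shape of `pfctl -ss` output (not captured data).
sample_states() {
    cat <<'EOF'
all tcp 192.168.1.10:51234 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.10:51235 -> 93.184.216.34:80        ESTABLISHED:ESTABLISHED
all udp 192.168.1.10:49152 -> 192.168.1.1:53          MULTIPLE:SINGLE
all tcp 203.0.113.5:51236 (192.168.1.20:51236) -> 198.51.100.7:8080   ESTABLISHED:ESTABLISHED
all tcp 192.168.1.20:51237 -> 198.51.100.8:6881       ESTABLISHED:ESTABLISHED
all tcp 192.168.1.30:6881 <- 198.51.100.9:40000       ESTABLISHED:ESTABLISHED
EOF
    i=0   # one host with 600 UDP states to random high ports, DHT-like
    while [ "$i" -lt 600 ]; do
        printf 'all udp 192.168.1.50:%d -> 198.51.100.%d:%d   MULTIPLE:MULTIPLE\n' \
            $((20000 + i)) $((1 + i % 200)) $((10000 + i))
        i=$((i + 1))
    done
}

# Live use on the firewall:  pfctl -ss | sh p2p_states.sh --live
if [ "${1:-}" = "--live" ]; then report; fi
```

On the constructed sample, `state_hogs` reports only 192.168.1.50 (600 states), while `off_whitelist` lists that host's 600 high-port states and the single 6881 state from 192.168.1.20; the host behind NAT going to 8080 and the host using only 53/80/443 are not listed, and the inbound state is ignored. Lower `STATE_THRESHOLD` or widen `ALLOWED_PORTS` to taste; the output is meant to name a host to look at, not to drive an automatic block.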