6 Replies Latest reply on Aug 2, 2011 7:01 AM by Tristan

    Blocking BitTorrent

      We need to block BitTorrent on our SG580 firewall. I put this in packet filtering:

       

      iptables -A FORWARD -m layer7 --l7proto bittorrent -j DROP

       

      but it is still not blocking BitTorrent traffic.

       

      What's the best way to block the traffic?

        • 1. Re: Blocking BitTorrent


          I added to URL blocking:

           

          torrentz.com 

          bittorrentshare.com

           

           

          and packet filtering

          iptables -I FORWARD -p tcp -m mport --dport 6881:6999 -j DROP
          iptables -I FORWARD -p tcp -m mport --dport 6969 -j DROP
          iptables -I FORWARD -p tcp -m mport --dport 4865 -j DROP

           

          but downloading with a BitTorrent program can still be done.


          Please help.

          • 2. Re: Blocking BitTorrent

            try

             

             

            iptables -I FORWARD -p tcp --dport 6881:6999 -j DROP
            iptables -I FORWARD -p tcp --dport 6969 -j DROP
            iptables -I FORWARD -p tcp --dport 4865 -j DROP

             

            or you can also do it via packet filtering in the GUI

            • 3. Re: Blocking BitTorrent

              I tried it but it is still not blocking.

               

              I also added:

              iptables  -I FORWARD  -m layer7 --l7proto bittorrent -j DROP

               

              but the BitTorrent program still downloads.

               

              Any other options?

              • 4. Re: Blocking BitTorrent

                seems to be blocking now.


                I also added on URL block:

                tracker.publicbt.com

                tracker.openbittorrent.com


                with the iptables:

                iptables -I FORWARD -p tcp --dport  6881:6999 -j DROP

                iptables -I FORWARD -p tcp --dport 6969 -j  DROP

                iptables -I FORWARD -p tcp  --dport 4865  -j DROP


                iptables  -I FORWARD  -m layer7 --l7proto bittorrent -j DROP

                 

                Thanks for the help!

                • 5. Re: Blocking BitTorrent
                  dnikolov

                  hi guys,

                  I also have an SG580 and I have to block the torrent traffic in my office. So I put the rows below in the "custom firewall rules" but torrents can still be downloaded:

                  iptables -I FORWARD -p tcp --dport 6881:6999 -j DROP

                  iptables -I FORWARD -p tcp --dport 6969 -j DROP

                  iptables -I FORWARD -p tcp --dport 4865 -j DROP

                  iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP

                   


                  I added ports 60000:64000 since the uTorrent client uses this port range, but it still works/downloads without any problems.

                   

                   

                  Do you have any other ideas?

                  • 6. Re: Blocking BitTorrent
                    Tristan

                    A quick Google search shows that blocking ports 6881:6999, 6969 & 4865 isn't going to help much, as the P2P client can just choose a random port to use, sometimes even ports 80 and 443 for trackers and downloads.

                     

                    The only effective method of preventing its use is Layer 7 filtering, but if the client is using encryption then you're even worse out of luck, as layer 7 won't catch those packets.

                     

                    http://www.security-forums.com/viewtopic.php?t=61658

                    https://forum.openwrt.org/viewtopic.php?pid=42598
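
The coverage gap described in reply 6, as an added example that is not part of the original thread: a small Python model of the thread's two rule types (the port drops and a payload signature) run over constructed flows. The regex is a simplified stand-in for a layer-7 BitTorrent signature, not the actual l7-filter pattern, and the flow descriptions, port 51413 and payload bytes are constructed for illustration.

```python
import hashlib
import re

# Destination ports dropped by the port rules posted in this thread.
BLOCKED_PORTS = set(range(6881, 7000)) | {6969, 4865}

# Simplified stand-in for a layer-7 signature (an assumption, not the real
# l7-filter pattern): the plaintext peer handshake, which starts with byte
# 0x13 followed by "BitTorrent protocol", or a plaintext tracker announce.
L7_SIGNATURE = re.compile(rb"\x13BitTorrent protocol|GET /announce\?info_hash=")


def verdict(dport, payload):
    """Return which of the thread's two rule types would drop this flow."""
    if dport in BLOCKED_PORTS:
        return "DROP port"
    if L7_SIGNATURE.match(payload):
        return "DROP layer7"
    return "ACCEPT"


# Constructed sample flows: (description, destination port, first payload bytes).
# HANDSHAKE = pstrlen + pstr + 8 reserved bytes + info_hash + peer_id (68 bytes).
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + b"-XX0000-" + bytes(12)
# Deterministic opaque bytes standing in for an encrypted stream.
OPAQUE = hashlib.sha256(b"constructed encrypted stream").digest() * 2
FLOWS = [
    ("default port, plaintext handshake", 6881, HANDSHAKE),
    ("random high port, plaintext handshake", 51413, HANDSHAKE),
    ("tracker announce over port 80", 80, b"GET /announce?info_hash=%00 HTTP/1.1\r\n"),
    ("random high port, encrypted stream", 51413, OPAQUE),
    ("port 443, encrypted stream", 443, OPAQUE),
]


def evaluate(flows=FLOWS):
    """Map each flow description to the verdict the modelled rules give it."""
    return {desc: verdict(dport, payload) for desc, dport, payload in flows}


if __name__ == "__main__":
    for desc, result in evaluate().items():
        print(f"{result:12} {desc}")
```

Only the first flow is caught by the port rules; the plaintext flows on other ports need the payload signature, and the encrypted flows pass both checks.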