Pular para o conteúdo principal

Mikrotik - Block Bittorrent and P2P using latest Mikrotik Version 6.41

Mikrotik new version software stops blocking torrents and p2p with the error P2P matcher is obsolete please use layer7 matcher instead - MikroTik

Here are the new and revise configuration steps that will block torrents and p2p traffic from mikrotik router.

/ip firewall layer7-protocol
add comment="Block Bit Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bitt\
    orrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?inf\
    o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\

/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn \
    address-list-timeout=2m chain=forward layer7-protocol=\
    layer7-bittorrent-exp src-address= src-address-list=\
add action=drop chain=forward dst-port=\
    !0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp \
add action=drop chain=forward dst-port=\
    !0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp \

Postagens mais visitadas deste blog

Mikrotik - Reduce gaming and streaming lag with a Mikrotik RouterBOARD

Do you play online games? Of course you do. Have you experienced lag? Very likely. No matter how fast your internet connection is, if another program or person on your network competes for bandwidth, the packets will be processed at the same priority, resulting in increased latency (or worse, packet loss) for your game or other interactive applications. Whether you share an internet connection with roommates or operate a gaming house, LAN center, etc, this can quickly become a problem. Thankfully there's a cheap and relatively easy way to solve this in the form of a decent router - the Mikrotik RouterBOARD.
Many people are familiar with the trouble consumer grade routers can cause. It's not a surprise that the number one go to troubleshooting technique is a simple reboot - consumer routers are designed to be low price and thus operate on cheap hardware with limited memory which can easily cause problems. From NAT table overflows to DHCP server crashes, your off-t…

Disabling Mikrotik Hotspot DNS Proxying for Authenticated Users

My wireless ISP (WISP) uses the Mikrotik hotspot feature with RADIUS on the back end to authenticate our users. This implements a captive portal that redirects all DNS requests so that the user is taken to a login page if they’re not logged in. Once they log in once, the system associates their radio with their account, and they don’t have to log in anymore under normal circumstances.
However, once logged in, users still have all their DNS requests proxied through the routers. A lot of users want to use their own DNS (like OpenDNS or Google Public DNS), and that’s fine with me, but a user ran the namebench utility and found that their DNS was being forcibly proxied.
It took some hunting, but I finally found this post on the Mikrotik forums which details how to get around this. Basically:
The hotspot adds dynamic DNS redirect rules. If you go to /ip firewall nat and just print, these rules don’t show up. If you do print dynmic they do. The relevant lines are:

2 D chain=hotspo…