There could be a few reasons why you’d want to block BitTorrent traffic, maybe even more than a few. Torrent downloads and uploads can use an egregious amount of bandwidth if unrestricted; BitTorrent activity can lock up old routers (maybe due to the number of connections, at least it happened to me many years back); and torrent downloads can result in copyright-infringement violations that are easily traceable to the seeder / leecher IP address.
Case in point: we recently got a couple of infringement notices where I work, and the IPs used to download the copyright-protected content belong to one of the free WiFi hotspots we support. We can’t serve an unknown user a warning / notice, as hotspot users are essentially anonymous from our viewpoint. Instead, we moved to block torrent traffic entirely at those locations.
I found a config, reading through the MikroTik forums, that does appear to do just that:
/ip firewall layer7-protocol
add comment="Block Bit Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward layer7-protocol=layer7-bittorrent-exp src-address=192.168.88.0/24 src-address-list=!allow-bit
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=tcp src-address-list=Torrent-Conn
add action=drop chain=forward dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp src-address-list=Torrent-Conn
Using the above, the only thing you may need to change is the LAN network, which is 192.168.88.0/24 in the config here. The first filter rule tags any LAN host whose connection matches the layer7 regexp by adding its address to the Torrent-Conn list for two minutes (unless the host is on the allow-bit list), and the two drop rules then discard that host's TCP and UDP traffic to any destination port not on the exemption list (0-1024 and the handful of listed ports), so ordinary web, mail, Winbox, RDP and VNC traffic keeps working.
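To see what the rule set actually does before putting it on a router, here is an added Python simulation (my own code, not from the forum post or MikroTik) of the layer7 regexp and the address-list / drop logic. It assumes, per the RouterOS docs, that the layer7 matcher is case-insensitive and only inspects roughly the first 2 KB of a connection; the sample flows are constructed, not captured traffic.

```python
import re

# The layer7 pattern from the post, unescaped from RouterOS export syntax.
# Assumption from the RouterOS docs: the matcher is case-insensitive and
# only looks at the first 10 packets / ~2 KB of a connection.
L7_BITTORRENT = re.compile(
    rb"^(\x13bittorrent protocol|azver\x01$"
    rb"|get /scrape\?info_hash=get /announce\?info_hash="
    rb"|get /client/bitcomet/|GET /data\?fid=)"
    rb"|d1:ad2:id20:|\x08'7P\)[RP]",
    re.IGNORECASE,
)
L7_WINDOW = 2048

# dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 : these ports stay
# reachable even for a host that is already on the Torrent-Conn list.
EXEMPT_PORTS = set(range(0, 1025)) | {8291, 5900, 5800, 3389, 14147, 5222, 59905}


def l7_matches(payload: bytes) -> bool:
    """True if the inspected window of the stream matches the layer7 regexp."""
    return L7_BITTORRENT.search(payload[:L7_WINDOW]) is not None


def simulate(flows, lan="192.168.88.", allow_bit=()):
    """Run flows through the three filter rules in order.

    Each flow is (src_ip, proto, dst_port, payload). A LAN host whose
    payload matches is added to Torrent-Conn (rule 1); any later TCP/UDP
    flow from a listed host to a non-exempt port is dropped (rules 2-3).
    The 2-minute list timeout is ignored here. Returns (list, decisions).
    """
    torrent_conn = set()
    decisions = []
    for src, proto, dport, payload in flows:
        if src.startswith(lan) and src not in allow_bit and l7_matches(payload):
            torrent_conn.add(src)
        drop = (src in torrent_conn and proto in ("tcp", "udp")
                and dport not in EXEMPT_PORTS)
        decisions.append("drop" if drop else "accept")
    return torrent_conn, decisions


# Constructed sample flows (not real captures).
SAMPLE_FLOWS = [
    ("192.168.88.10", "tcp", 443, b"GET / HTTP/1.1\r\nHost: example.com\r\n"),
    ("192.168.88.10", "tcp", 51413, b"\x13BitTorrent protocol" + b"\x00" * 8),
    ("192.168.88.10", "tcp", 443, b"GET / HTTP/1.1\r\n"),          # exempt port
    ("192.168.88.10", "udp", 6881, b"d1:ad2:id20:" + b"A" * 20),   # DHT query
    ("192.168.88.11", "tcp", 6881, b"GET /data?fid=12 HTTP/1.1"),  # tracker-ish
]
```

Running `simulate(SAMPLE_FLOWS)` shows the first plain web request accepted, the handshake tagging host .10 and being dropped, the later port-443 flow from .10 still accepted, and the DHT and `/data?fid=` flows dropped.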
I don’t have access to a Windows computer to test with, but I could not get Transmission to start an Ubuntu server ISO download with the config enabled, while it worked with the config disabled. Even with forced encryption the results were the same: the torrent download did not work.
I’ve read that Layer 7 matching can be CPU-intensive with a lot of connections, though I see no immediate problems using a MikroTik hAP ac lite for this; usage on our hotspots is fairly minimal, and we kick them off overnight.
I created this post to increase the visibility of this topic, in part because it took me a bit to find something that I thought might actually work. In 2021 and beyond (and likely since 2015 or before), using an array of torrent site names, like:
to build a blocklist is pointless because:
- Getting access to a torrent doesn’t necessarily mean you have to visit one of the aforementioned URLs.
- The list of torrent or magnet-sharing sites is ever changing. New sites pop up, old sites go offline. You can’t effectively block torrents this way unless you only want to stop people from visiting certain, specific URLs.
If your experience differs or you have a tweak to the above config (or some other config) that works better, feel free to let me know.
Again, the forum thread where I found this info: https://forum.mikrotik.com/viewtopic.php?t=163251