Mikrotik Layer 7 protocols: How to block torrent on Mikrotik routers using firewall filter rules and layer7 protocols

If you live in a first-world country where internet bandwidth is not a problem, then this post is obviously not for you. But if you manage a network where over 20 users are serviced by a 4Mbps internet connection, then you do have to come up with measures to stop the clever ones among the users from using Torrent to take the entire bandwidth to themselves. In this post, I will share how to stop the use of Torrent on your network.While it is easy for a lot of people to come up with different posts on how to block the use of Torrent on a network managed with a Mikrotik router, many of such posts have been found to slow down browsing speed and in most cases, do not even block the use of Torrent. With my years of experience deploying Mikrotik for enterprise networks, I have discovered that with the right code and implementation method, a Mikrotik router can effectively filter out and deny Torrent packets.

Configuration:

First, I will create a layer7 rule to identify Torrent packets. This rule will be named Torrent-wwws. It is always a good practice to give rules names that easily identify them.  Click on IP>>Firewall>>Layer7 Protocols and paste codes as shown below.
Block torrent on Mikrotik
Image showing how to block torrent
Next, we create a firewall filter rule to deny access for Torrent-bound traffics. See commands below.
Ip firewall
filter add chain=forward action=drop layer7-protocol=Torrent-wwws
That is all you need to do. See the layer7 code below:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*$

Spread the love

Timigate

Ashioma Michael, a BSc (Computer Science)., MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.

Leave a Reply

Your email address will not be published. Required fields are marked *