In your case, you have defined the L7 rule only in the prerouting chain, not in postrouting. Am I right? If yes, I don't understand whether we still need the DNS rules listed in your earlier post?

Also, according to this article, L7 rules have to be defined for both directions of traffic (so we should use chain forward). So, according to this post, all that is needed in my case is to define an L7 filter for BitTorrent, set a jump rule for this filter and the default p2p filter, mangle this traffic and drop it.

Set chain to forward and connection mark to p2p, then action to drop, or if you use jump rules set it to jump and then point to the drop rule. I have put it on top, but this depends on your own setup. Set action to mark connection and set it to, let's say, p2p. Set it as a p2p-traffic chain (you will have to enter it).
Set Action Jump and Jump to target, let's say, p2p-traffic.

Do this for all the defined L7 filters and also for the default p2p-all.
Set it as a prerouting chain and set L7 accordingly.

Sorry for my late reply; I am involved in a large project right now. You will have to disable outbound DNS queries and only allow the DNS server in the Mikrotik. Please try it, and if you can find any way to get around it please let me know. This disables the normal tracker and the DHT and peer exchange. I use the L7 in the mangle rules combined with the normal Mikrotik p2p detection and mark them as p2p, and then I have a filter that blocks it. I use a RB1000 to back up my rule set.

```
2 chain=prerouting action=jump jump-target=p2p-service layer7-protocol=DIRECTCONNECT
3 chain=prerouting action=jump jump-target=p2p-service p2p=all-p2p
4 chain=prerouting action=jump jump-target=p2p-service layer7-protocol=BITTORRENT2
5 chain=prerouting action=jump jump-target=tcp-services connection-state=new protocol=tcp dst-port=443
6 chain=prerouting action=jump jump-target=p2p-service connection-state=new protocol=tcp layer7-protocol=HTTPS dst-port=!443
7 chain=prerouting action=jump jump-target=tcp-services tcp-flags=syn connection-state=new protocol=tcp
8 chain=prerouting action=jump jump-target=udp-services connection-state=new protocol=udp
9 chain=prerouting action=jump jump-target=other-services connection-state=new
10 chain=p2p-service action=mark-connection new-connection-mark=p2p passthrough=no
26 chain=tcp-services action=mark-connection new-connection-mark=https passthrough=no protocol=tcp src-port=1024-65535 dst-port=443

chain=forward action=add-src-to-address-list src-address-list=local-addr address-list=p2p-users address-list-timeout=4w3d connection-mark=p2p
6 chain=forward action=log connection-mark=p2p log-prefix="P2P"
7 chain=forward action=jump jump-target=drop connection-mark=p2p
```

I have done some tests and I have not yet been able to make BitTorrent work. This will, however, not block P2P that uses 443. My setup also tags encrypted packages (SSL) on non-SSL ports.
My basic setup is based on But I have made some modifications. I did need to block all P2P and did sort of like Chupaka said.
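
The DNS restriction mentioned in this thread (clients may only use the resolver on the MikroTik) could be written as below. This is an added example, not a configuration posted by anyone in the thread; the interface names `ether1-wan` and `ether2-lan` are assumptions.

```routeros
# Added example (not from the thread). Assumed interface names:
#   ether1-wan = uplink, ether2-lan = client network.

# Let the router answer DNS queries from clients.
/ip dns set allow-remote-requests=yes

/ip firewall filter
# allow-remote-requests makes the resolver listen on every interface,
# so drop queries arriving from the WAN side to avoid an open resolver.
add chain=input in-interface=ether1-wan protocol=udp dst-port=53 \
    action=drop comment="no DNS service to WAN"
add chain=input in-interface=ether1-wan protocol=tcp dst-port=53 \
    action=drop comment="no DNS service to WAN"

# Clients on the LAN may query the router itself.
add chain=input in-interface=ether2-lan protocol=udp dst-port=53 \
    action=accept comment="LAN DNS to router"
add chain=input in-interface=ether2-lan protocol=tcp dst-port=53 \
    action=accept comment="LAN DNS to router"

# Anything trying to reach an outside DNS server through the router is
# dropped and logged. The router's own upstream queries use the output
# chain and are not affected.
add chain=forward in-interface=ether2-lan protocol=udp dst-port=53 \
    action=log log-prefix="DNS-BYPASS"
add chain=forward in-interface=ether2-lan protocol=udp dst-port=53 \
    action=drop comment="block outbound DNS from clients"
add chain=forward in-interface=ether2-lan protocol=tcp dst-port=53 \
    action=log log-prefix="DNS-BYPASS"
add chain=forward in-interface=ether2-lan protocol=tcp dst-port=53 \
    action=drop comment="block outbound DNS from clients"

# These rules must sit above any general accept rule in the same chain.
# They cover plain DNS on port 53 only; DNS carried over 443 is not
# matched here.
```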