Mikrotik Layer 7 protocols: How to block torrent on Mikrotik routers using firewall filter rules and layer7 protocols

If you live in a first-world country where internet bandwidth is not a problem, then this post is obviously not for you. But if you manage a network where over 20 users are serviced by a 4Mbps internet connection, then you do have to come up with measures to stop the clever ones among the users from using Torrent to take the entire bandwidth to themselves. In this post, I will share how to stop the use of Torrent on your network.While it is easy for a lot of people to come up with different posts on how to block the use of Torrent on a network managed with a Mikrotik router, many of such posts have been found to slow down browsing speed and in most cases, do not even block the use of Torrent. With my years of experience deploying Mikrotik for enterprise networks, I have discovered that with the right code and implementation method, a Mikrotik router can effectively filter out and deny Torrent packets.

Configuration:

First, I will create a layer7 rule to identify Torrent packets. This rule will be named Torrent-wwws. It is always a good practice to give rules names that easily identify them.  Click on IP>>Firewall>>Layer7 Protocols and paste codes as shown below.
Block torrent on Mikrotik
Image showing how to block torrent
Next, we create a firewall filter rule to deny access for Torrent-bound traffics. See commands below.
Ip firewall
filter add chain=forward out-interface=ether1 action=drop layer7-protocol=Torrent-wwws
That is all you need to do. See the layer7 code below:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*$
Spread the love

2 thoughts on “Mikrotik Layer 7 protocols: How to block torrent on Mikrotik routers using firewall filter rules and layer7 protocols”

    • Please explain how you implemented it cos this lab still works even up till today. All websites open but attempts to download stuff via torrent and the rest apps specified in the L7 protocol will be blocked.

      Reply

Leave a Comment