Categories: MikroTik

How to block bit torrent/all P2P packets on Mikrotik routers for selected users during work hours

As a network administrator, being able to stamp your authority on your network by deciding what can and cannot be done is one of the keys to keeping your job. After all, everyone believes you are not doing anything until the network crashes. Bit torrent is one of those applications that network administrators don’t like to see on users’ PC even though they (network administrators) cant do without it. How else do you think they get all the e-books and video tutorials? In this post, I will share how to block all p2p downloads through Mikrotik router.

If you find yourself working for a company that has little to zero resources budgeted for internet subscription, then its on you to implement policies that will guard against bandwidth abuse while making sure that top management staff, trusted to be well-behaved, have unrestricted access to network resources. One of the ways to achieve this is a complete lock down of access to bit torrent during working hours for users. Since the boss is the one paying, it is right to have him and a few others excepted from this.

If you understand the workings of the Mikrotik routerOS, implementing policies to take care of issues like this can be easy even though it comes in steps. There are two steps involved in achieving this. First, we have to create an address list to capture the IP addresses of those that need to be denied access to bit torrent. Secondly, we create a firewall rule to drop bit-torrent or all p2p for those whose addresses are captured in the address list created in step one. See steps below.

[admin@timigate] > ip firewall address-list add address=192.168.3.2-192.168.3.18 ist=timigate

If the addresses are not in range as used above, then you need to add them one after the other, making that the name of the list is the same. Next, we create a firewall forward rule to drop bit-torrent or all p2p traffics during working hours for the address list named timigate. See below.

[admin@timigate] > ip firewall filter add chain=forward action=drop p2p=bit-torrent src-address-list=timigate time=8h-17h,mon,tue,wed,thu,fri

Spread the love

Timigate

Next Cisco ASA firewall initial configuration: IP address assignment, NAT and default routes. »

Previous « Protecting network stability with Spanning tree root guard.

View Comments

GONZALO SALAS SALGADO says:

July 1, 2018 at 2:02 am

does not work in version 6.42.5, you do not have the P2P option in the firewall
gonzalo salas says:

July 1, 2018 at 2:02 am

does not work in version 6.42.5, you do not have the P2P option in the firewall
- Timigate says:
  
  July 1, 2018 at 11:13 am
  
  Hello Gonzalo, you can easily upgrade your router OS to the latest version by going to system>>packages>>check for updates or click on this link http://timigate.com/2018/01/mikrotik-layer-7-protocols-how-to-block.html to block based on file type. Thanks