Создать правило для торрентов

Farseer

Добрый день. Подскажите, пожалуйста, какие настройки можно сделать для пользователей, использующих торренты. Организована PCQ-очередь, но хотелось бы для торрентов сделать дополнительные ограничения — по скорости, количеству подключений и прочему, — чтобы минимизировать нагрузку на маршрутизатор и канал.


nurjr

Мы ограничиваем скорость с помощью правил.
Ограничиваются не все, но часть отлавливаем; если у клиента стоит шифрование, то тогда ничего не поможет.
Можно ограничить количество соединений на клиента.
Правила такие:


#
# Filter rules posted as an example of restricting torrent users.
# Every rule in this section is exported with disabled=yes, so none of them
# has any effect until it is enabled. Rules in a chain are evaluated top to
# bottom, so the order below matters once they are switched on.
# NOTE(review): several rules rely on the p2p= matcher, which only recognises
# unencrypted protocol signatures (the thread itself says encrypted clients are
# not caught) and has reportedly been discontinued in later RouterOS releases;
# confirm it exists on the target version before relying on these rules.
/ip firewall filter
# Exemption: traffic from or to members of the "full" address list is accepted
# in forward before any of the p2p rules below can match it.
add action=accept chain=forward comment=full disabled=yes src-address-list=\
full
add action=accept chain=forward comment=full disabled=yes dst-address-list=\
full
# Log forwarded packets that carry packet-mark=p2p (empty log prefix).
add action=log chain=forward comment=p2p-packet disabled=yes log-prefix="" \
packet-mark=p2p
# Detection: when a p2p-marked packet has a source or destination inside
# 10.5.50.0/24 or 10.10.10.0/24, that address is put on the "torrent" list
# for 10 minutes. Active only 10:00-23:49:59, every day of the week.
add action=add-src-to-address-list address-list=torrent address-list-timeout=\
10m chain=forward comment=p2p-packet disabled=yes packet-mark=p2p \
src-address=10.5.50.0/24 time=10h-23h49m59s,sun,mon,tue,wed,thu,fri,sat
add action=add-dst-to-address-list address-list=torrent address-list-timeout=\
10m chain=forward comment=p2p-packet disabled=yes dst-address=\
10.5.50.0/24 packet-mark=p2p time=\
10h-23h49m59s,sun,mon,tue,wed,thu,fri,sat
add action=add-src-to-address-list address-list=torrent address-list-timeout=\
10m chain=forward comment=p2p-packet disabled=yes packet-mark=p2p \
src-address=10.10.10.0/24 time=10h-23h49m59s,sun,mon,tue,wed,thu,fri,sat
add action=add-dst-to-address-list address-list=torrent address-list-timeout=\
10m chain=forward comment=p2p-packet disabled=yes dst-address=\
10.10.10.0/24 packet-mark=p2p time=\
10h-23h49m59s,sun,mon,tue,wed,thu,fri,sat
# Hard block: drop anything the p2p matcher recognises, or anything already
# marked p2p, in both the forward and input chains.
add action=drop chain=forward comment=all-p2p disabled=yes p2p=all-p2p
add action=drop chain=input comment=all-p2p disabled=yes p2p=all-p2p
add action=drop chain=input comment=p2p-mark disabled=yes packet-mark=p2p \
time=0s-23h59m59s,sun,mon,tue,wed,thu,fri,sat
add action=drop chain=forward comment=p2p-mark disabled=yes packet-mark=p2p
# "BAN" rules: for hosts on the "torrent" list, drop all TCP and UDP traffic
# arriving from source ports 1000-65535 or sent to destination ports
# 1000-65535. These match on port range only, not on protocol content, so a
# listed host loses every high-port service (not just torrents) until its
# 10-minute list entry expires; a false-positive p2p mark has the same effect.
add action=drop chain=forward comment="!!!_BAN_!!! -> torr" disabled=yes \
dst-address-list=torrent protocol=tcp src-port=1000-65535
add action=drop chain=forward comment="!!!_BAN_!!! -> torr" disabled=yes \
dst-address-list=torrent protocol=udp src-port=1000-65535
add action=drop chain=forward comment="!!!_BAN_!!! torr ->" disabled=yes \
dst-port=1000-65535 protocol=tcp src-address-list=torrent
add action=drop chain=forward comment="!!!_BAN_!!! torr ->" disabled=yes \
dst-port=1000-65535 protocol=udp src-address-list=torrent
# Accept TCP 8291 (default Winbox port), 1723 (PPTP control) and 84 to the
# router itself on interface "infoline", with no source-address restriction.
# NOTE(review): if "infoline" is the upstream/WAN interface, these rules expose
# router management and VPN services to any remote address - consider adding a
# src-address or src-address-list match for trusted administrators. The purpose
# of port 84 is not shown on this page; verify it is still needed.
add action=accept chain=input disabled=yes dst-port=8291 in-interface=\
infoline protocol=tcp
add action=accept chain=input disabled=yes dst-port=1723 in-interface=\
infoline protocol=tcp
add action=accept chain=input disabled=yes dst-port=84 in-interface=infoline \
protocol=tcp
# Outbound SMTP abuse control: a host not yet on the "spammer" list whose
# TCP/25 traffic satisfies both connection-limit=30,32 and limit=50,5 is added
# to "spammer" for one day; the following rule drops TCP/25 from listed hosts.
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=forward connection-limit=30,32 disabled=yes dst-port=25 limit=\
50,5 protocol=tcp src-address-list=!spammer
add action=drop chain=forward disabled=yes dst-port=25 protocol=tcp \
src-address-list=spammer
# Input policy for the router itself: allow ICMP, allow established and related
# connections arriving on "infoline", then (further down) drop everything else
# that arrives on "infoline". The port accepts above must stay ahead of that
# final drop to remain reachable.
add action=accept chain=input comment="Added by webbox" disabled=yes \
protocol=icmp
add action=accept chain=input comment="Added by webbox" connection-state=\
established disabled=yes in-interface=infoline
add action=accept chain=input comment="Added by webbox" connection-state=\
related disabled=yes in-interface=infoline
# Repeats the forward-chain p2p=all-p2p drop that already appears earlier in
# this section (there with comment=all-p2p).
add action=drop chain=forward disabled=yes p2p=all-p2p
add action=drop chain=input comment="Added by webbox" disabled=yes \
in-interface=infoline
# Forwarded traffic entering via "infoline" is sent to the "customer" chain,
# which accepts only established/related connections and drops the rest, i.e.
# new connections initiated from the "infoline" side are not forwarded.
add action=jump chain=forward comment="Added by webbox" disabled=yes \
in-interface=infoline jump-target=customer
add action=accept chain=customer comment="Added by webbox" connection-state=\
established disabled=yes
add action=accept chain=customer comment="Added by webbox" connection-state=\
related disabled=yes
add action=drop chain=customer comment="Added by webbox" disabled=yes
# Placeholder rule labelled for hotspot use; passthrough takes no action on
# the packet.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes

mangle

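# Mark p2p traffic so that other rules (for example filter rules or queues
# matching packet-mark=p2p) can act on it. Of the firewall rules posted here
# this is the only one exported with disabled=no.
#
# The menu path is written with a leading "/" so that it is absolute, like the
# filter and layer7-protocol sections; without it the console resolves the path
# relative to the menu selected by the previous section and the paste fails.
#
# time= restricts marking to 10:00-23:49:59 on every day of the week; outside
# that window nothing is marked, so rules keyed on packet-mark=p2p do not match.
# passthrough=no stops further mangle processing for a packet once it is marked.
# NOTE(review): the p2p= matcher sees only unencrypted protocol signatures and
# has reportedly been discontinued in later RouterOS releases - confirm it is
# available on the target version.
/ip firewall mangle
add action=mark-packet chain=prerouting comment=all-p2p disabled=no \
new-packet-mark=p2p p2p=all-p2p passthrough=no time=\
10h-23h49m59s,sun,mon,tue,wed,thu,fri,sat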

l7

# Layer-7 signature definitions for BitTorrent-related traffic. These entries
# only define named regular expressions; none of the filter or mangle rules
# shown alongside them uses a layer7-protocol= matcher, so on their own they
# change nothing.
# Layer-7 matching inspects packet payload, so it cannot classify encrypted
# peers, and regex matching is CPU-intensive - relevant when the goal is to
# reduce router load.
/ip firewall layer7-protocol
# "\B5" in the name is a hex escape for byte 0xB5, presumably the micro sign
# (name "uTP"). The doubled backslashes are console string escaping: the stored
# regexp is \x7F\xFF\xFF\xFF\xAB.
add name="\B5TP-1" regexp="\\x7F\\xFF\\xFF\\xFF\\xAB"
# NOTE(review): "[a|r]" is a character class, so it also matches a literal "|";
# "[ar]" was presumably intended. Same for "[q|r]".
add name=DHT regexp="^d1:[a|r]d2:id20:.*:y1:[q|r]e"
# NOTE(review): this entry has four backslashes where the first entry has two,
# so the stored regexp contains literal backslash characters and would match
# the text "\x7F..." rather than the bytes. It looks like a double-escaped copy
# of the first pattern - confirm before enabling.
add name="\B5TP-2" regexp="\\\\x7F\\\\xFF\\\\xFF\\\\xFF\\\\xAB"
# NOTE(review): the fragments "ge\t\r\\n/ann\?uk=" and "get\r\\n/cl...ient/"
# contain tab/CR escapes in place of what look like spaces and path text, which
# suggests copy-paste damage to the pattern. Verify the expression against a
# known-good source before relying on it.
add name=bittorrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrap\
e\\\?info_hash=|get /announce\\\?info_hash=|ge\t\r\\n/ann\?uk=|get\r\\n/cl\
ient/bitcomet/|get /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

