Here is a script:
# Purpose: flag hosts that appear to be using BitTorrent and then restrict
# their forwarded traffic for a short time. Two detection rules add the packet's
# source address to the address list "bit-list" for 1 minute; two drop rules
# then act on any source address found in that list.
# Every filter rule below carries disabled=yes, so nothing here takes effect
# until the rules are enabled.
# "bit-unblock-list" is referenced but not defined in this script; it is
# presumably an exemption list maintained elsewhere - confirm it exists.
/ip firewall layer7-protocol
# Payload pattern named "layer7-bittorrent-exp". The doubled backslashes and the
# escaped "$" / "?" are console string escaping, and the trailing "\" characters
# are line continuations that split the regexp across four lines.
# NOTE(review): there is no "|" between "get /scrape\?info_hash=" and
# "get /announce\?info_hash=", so the two are matched as one concatenated string
# rather than as alternatives - confirm whether that is intended.
# Caveat: Layer7 matching only examines the start of a connection (documented as
# the first 10 packets or 2KB) and needs cleartext payload, so encrypted
# BitTorrent sessions will not match; it is also CPU-intensive on busy routers.
add comment="Block Bit Torrent" name=layer7-bittorrent-exp regexp="^(\\x13bitt\
orrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?inf\
o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\
RP]"
/ip firewall filter
# Detection 1: forwarded packets classified by the built-in p2p=bit-torrent
# matcher, where neither source nor destination is in bit-unblock-list, put the
# source address into bit-list for 1 minute.
# NOTE(review): the p2p matcher is reportedly unavailable on newer RouterOS
# releases - verify against the target version.
add action=add-src-to-address-list address-list=bit-list \
address-list-timeout=1m chain=forward disabled=yes dst-address-list=\
!bit-unblock-list p2p=bit-torrent src-address-list=!bit-unblock-list
# Detection 2: same tagging action, driven by the Layer7 pattern defined above.
# NOTE(review): src-address-type=local matches addresses assigned to the router
# itself, which is unusual for sources seen in the forward chain - confirm this
# rule can actually match LAN clients.
add action=add-src-to-address-list address-list=bit-list \
address-list-timeout=1m chain=forward disabled=yes dst-address-list=\
!bit-unblock-list layer7-protocol=layer7-bittorrent-exp src-address-list=\
!bit-unblock-list src-address-type=local
# Enforcement 1: drop forwarded TCP from listed sources unless the destination
# port is 80 or 443.
# These rules are appended with "add"; where they land relative to existing
# accept rules is not shown here and decides whether they are ever reached.
add action=drop chain=forward disabled=yes dst-port=!80,443 protocol=tcp \
src-address-list=bit-list
# Enforcement 2: drop ALL forwarded UDP from listed sources. No port exception
# is given, so this includes forwarded DNS and any other UDP service for as long
# as the host stays in bit-list.
add action=drop chain=forward disabled=yes protocol=udp src-address-list=\
bit-list