/ip firewall filter
add action=drop chain=forward comment="block torrent" layer7-protocol=torrentsites src-address-list=no_torrent
add action=drop chain=forward dst-port=53 layer7-protocol=torrentsites protocol=udp src-address-list=no_torrent
add action=drop chain=forward content=torrent src-address-list=no_torrent
add action=drop chain=forward content=tracker src-address-list=no_torrent
add action=drop chain=forward content=getpeers src-address-list=no_torrent
add action=drop chain=forward content=info_hash src-address-list=no_torrent
add action=drop chain=forward content=announce_peers src-address-list=no_torrent
add action=drop chain=forward p2p=all-p2p src-address-list=no_torrent
/ip firewall layer7-protocol
add name=torrentsites regexp="^.*(get|GET).+(torrent|nthepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|ntorrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|nentertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|nflixflux|seedpeer|fenopy|gpirate|commonbits).*$"
no_torrent адрес лист для блокированных ip
add action=drop chain=forward comment="block torrent" layer7-protocol=torrentsites src-address-list=no_torrent
add action=drop chain=forward dst-port=53 layer7-protocol=torrentsites protocol=udp src-address-list=no_torrent
add action=drop chain=forward content=torrent src-address-list=no_torrent
add action=drop chain=forward content=tracker src-address-list=no_torrent
add action=drop chain=forward content=getpeers src-address-list=no_torrent
add action=drop chain=forward content=info_hash src-address-list=no_torrent
add action=drop chain=forward content=announce_peers src-address-list=no_torrent
add action=drop chain=forward p2p=all-p2p src-address-list=no_torrent
/ip firewall layer7-protocol
add name=torrentsites regexp="^.*(get|GET).+(torrent|nthepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|ntorrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|nentertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|nflixflux|seedpeer|fenopy|gpirate|commonbits).*$"
no_torrent адрес лист для блокированных ip
Комментариев нет:
Отправить комментарий