This Application Note will help you to configure a denial/block to P2P Applications like U Torrents/Bit Torrents. DrayTek routers series 2830/2860/2760/2925 and all models that support CSM(Content Security Manager)/Firewall Feature will be able to support this documents.
P2P Connections consume a high amount of bandwidth on internet if users try to download too many P2P files. In order to secure the Internet utilization, DrayTek have produced this document to support customers with their specific requirements on blocking P2P applications and connections. Here is a sample configuration to block certain users/IPs to use P2P and Allow the rest.
Please Login to your Router http://192.168.1.1
Now go to Content Security Manager i.e CSM and under CSM click APP Enforcement Profile as shown in the picture.
Name it anything you like, We have given the name here for example Block-BitTorrent.
Click Profile No: 1 and Select the P2P settings beside IM settings as shown in the snapshot below.
Click OK and You are done with creating an APP enforcement Profile.
The next step for this feature is to create some Firewall Filters. Firewall filters will determine the traffic to allow or block the P2P Applications/torrents from download. Most DrayTek Routers are capable of doing this Firewall Filtering.
Go to Firewall/Filter Setup/Default Data Filter
Edit Filter Rule 2, name it whatever you like, In this example we have given the name Block BitTorrent
Select it as Active and Edit this filter rule 2 by clicking on it.
Select options as follows:
Direction: LAN to WAN
Source IP: IP of the user/users/subnet you would like to block(e.g 192.168.1.11/255.255.255.255)
Services Type: Select User Defined and choose ports from 1024 to 65535 for both source and destination.
Filter: Block Immediately- Enable Syslog by clicking on it if you would like to know whether user have tried access to these sites.
This method may block some users who use some specific between between 1024-65535. In this case an Allow filter can be created which will allow the other users to use the Internet as a normal user without any restriction.
Create Filter to Allow IP Range 192.168.1.16-192.168.1.200 to access all the ports as normal.
In This snapshot, instead of selecting port range 1024-65535, you have selected any that allows all for the above users ranging from 192.168.1.16-16126.96.36.199
Click OK and the Firewall filter setup is done.
You can also Block a complete subnet as shown by this snapshot which will block the access to Bit Torrent to all users.
You can also select a range of addresses you would like to allow/block P2P Applications as per below example.
Now checking the P2P/BitTorrent Application whether it works or not.
In this snapshot you will see that the IP Address who is is a single user cannot connect to torrents/peers to download the files.
For other users with IP range of 192.168.1.16-192.168.1.200, The torrent/P2P download is available.