Here is an example of blocking torrent-file downloads: the user cannot download a torrent file from a website and add it to a torrent client. The first two rules create a list of addresses, which the third rule then uses to restrict downloads:
- ip firewall address-list add list=block_torrents address=192.168.88.55 disabled=no
- ip firewall address-list add list=block_torrents address=192.168.88.114 disabled=no
- ip firewall filter add action=drop chain=forward content="\r\nContent-Type: application/x-bittorrent" out-interface=e2 protocol=tcp src-port=80 dst-address-list=block_torrents
Restricting TCP connections, except to ports 80, 443 and 8080:
- ip firewall filter add chain=forward action=drop tcp-flags=syn protocol=tcp src-address-list=torrent_limit dst-port=!80,443,8080 connection-limit=50,32
Restricting UDP connections:
- ip firewall filter add chain=forward action=drop protocol=udp src-address-list=torrent_limit connection-limit=50,32
Dropping all traffic that the p2p matcher classifies as peer-to-peer:
- ip firewall filter add action=drop chain=forward disabled=no p2p=all-p2p
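
The connection-limit rules above match on the list torrent_limit, while the only list these commands fill is block_torrents, and a rule that matches on a list with no entries matches no traffic. The Python check below is an added example, not part of the original page: it reads RouterOS commands and reports address lists that rules reference but nothing populates. The function names are hypothetical, the sample input is the page's commands with the menu path and parameter names written out, and it assumes lists are filled only by commands present in the same text.

```python
import shlex

# The page's commands, with the menu path and parameter names written out.
# "e2" is the interface name exactly as the page gives it.
PAGE_RULES = r'''
ip firewall address-list add list=block_torrents address=192.168.88.55 disabled=no
ip firewall address-list add list=block_torrents address=192.168.88.114 disabled=no
ip firewall filter add action=drop chain=forward content="\r\nContent-Type: application/x-bittorrent" out-interface=e2 protocol=tcp src-port=80 dst-address-list=block_torrents
ip firewall filter add chain=forward action=drop tcp-flags=syn protocol=tcp src-address-list=torrent_limit dst-port=!80,443,8080 connection-limit=50,32
ip firewall filter add chain=forward action=drop protocol=udp src-address-list=torrent_limit connection-limit=50,32
ip firewall filter add action=drop chain=forward disabled=no p2p=all-p2p
'''


def parse(line):
    """Split one command into (menu path, {parameter: value})."""
    tokens = shlex.split(line)  # keeps the quoted content="..." value in one token
    path = " ".join(t for t in tokens if "=" not in t)
    params = dict(t.split("=", 1) for t in tokens if "=" in t)
    return path, params


def unpopulated_lists(config):
    """Return {list name: [command numbers]} for lists that rules reference
    but that no enabled entry or add-to-address-list action fills."""
    populated, referenced = set(), {}
    commands = [l.strip() for l in config.splitlines() if l.strip()]
    for number, line in enumerate(commands, 1):
        path, p = parse(line)
        if p.get("disabled", "no") != "no":
            continue  # a disabled entry or rule has no effect
        if path.endswith("address-list add"):
            populated.add(p["list"])
            continue
        if p.get("action", "").endswith("-to-address-list"):
            populated.add(p["address-list"])  # list filled dynamically by a rule
        for key in ("src-address-list", "dst-address-list"):
            if key in p:
                # "!name" is a negated match; the list name is still "name"
                referenced.setdefault(p[key].lstrip("!"), []).append(number)
    return {n: r for n, r in referenced.items() if n not in populated}


if __name__ == "__main__":
    for name, rules in unpopulated_lists(PAGE_RULES).items():
        print(f"list {name!r} has no entries; check commands {rules}")
```

Run against the page's commands, it flags torrent_limit for the TCP and UDP rules; adding the hosts to that list clears the finding.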