[code language=»bash»]
> /ip firewall filter
> add action=drop chain=forward comment="block torrent" layer7-protocol=torrentsites src-address-list=no_torrent
> add action=drop chain=forward dst-port=53 layer7-protocol=torrentsites protocol=udp src-address-list=no_torrent
> add action=drop chain=forward content=torrent src-address-list=no_torrent
> add action=drop chain=forward content=tracker src-address-list=no_torrent
> add action=drop chain=forward content=getpeers src-address-list=no_torrent
> add action=drop chain=forward content=info_hash src-address-list=no_torrent
> add action=drop chain=forward content=announce_peers src-address-list=no_torrent
> add action=drop chain=forward p2p=all-p2p src-address-list=no_torrent
> /ip firewall layer7-protocol
> add name=torrentsites regexp="^.*(get|GET).+(torrent|nthepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|ntorrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|nentertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|nflixflux|seedpeer|fenopy|gpirate|commonbits).*$"
[/code]
no_torrent адрес лист для блокированных ip