Topic: Block torrent download using smeserver-webfilter

[masotsha]

Hello. I have very limited bandwidth and cannot afford having users download torrents.  How do I block download of the torrents or at least access to such sites? Thanks

[Stefano]

the short answer is "you can't".

the long one: you need a firewall that works at L7

the only things you can do with SME are:
- block access to torrent sites
- block download of .torrent files

there was a kernel module (see http://wiki.contribs.org/P2P_blocking) but it's unsupported.

[janet]

masotsha

I will keep saying it, try Dansguardian instead.
There are many ways of blocking "things" in DG that can be configured eg based on user, filenames (types), time of day & many more. Sometimes you have to think outside normal approaches.

Try also to add sites you want to block as Domains on sme server, configure to resolve DNS locally, & users will be redirected to your main domain website (eg when they try to login etc).

[Stefano]

dansguardian is a (web) proxy server/filter.. it can do nothing to block p2p traffic..

let's say I have my laptop.. at home, I download a .torrent file and start a p2p session..
when I'm at office, with my laptop, I can download everything.

a right approach is to block all outgoing traffic but from SME itself, and it will work even if SME is in server-only mode..
but this approach can have unpredictable side effects on clients

[janet]

Stefano

dansguardian is a (web) proxy server/filter.. it can do nothing to block p2p traffic..

Yes that's right p2p traffic is difficult to stop, but the question was how to stop access to torrent sites & stop downloads.
I am speaking generically.
If users cannot connect by logging in to their account etc, then they cannot proceed to do further transactions.
DG can assist to stop these services from being usable, but it may mean the admin has to think differently about the approach taken.

a right approach is to block all outgoing traffic but from SME itself, and it will work even if SME is in server-only mode..
but this approach can have unpredictable side effects on clients

So another approach may be to create iptables rules in the firewall, but if a user does something wrong the existing firewall integrity can be affected, so a good understanding of iptables rules is required.