iptables how to block bittorrent?

I need to block all bittorrent traffic using iptables. As far as I know, bittorrent can adapt to existing firewall filters and send packages considering rules. But I can't figure out how to counter this. So I tried some iptables rules I found on the internet but nothing really helps. Sometimes bittorrent protocol packages stop being received but traffic is still coming regardless of bittorrent protocol packages. I should mention that I can't just block everything except a couple of ports I need. I have to block only bittorrent traffic.

So I tried this:

sudo iptables -A INPUT -m string --string "BitTorrent" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string "BitTorrent protocol" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string "peer_id=" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string ".torrent" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string "announce.php?passkey=" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string "torrent" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string "announce" --algo kmp --to 65535 -j DROP
sudo iptables -A INPUT -m string --string "info_hash" --algo kmp --to 65535 -j DROP

Also I duplicated these rules but changed INPUT to OUTPUT and FORWARD. So at the moment I had 8 * 3 = 24 rules at the same time. After that I added the same rules, but using ip6tables instead of iptables to block all ipv6 traffic.

After that I tried to add some additional rules:

sudo iptables -I INPUT -p tcp -m ipp2p --bit -j DROP
sudo iptables -I INPUT -p udp -m ipp2p --bit -j DROP

I also duplicated these rules using ip6tables, OUTPUT and FORWARD.

To summarize, I have added rules for blocking bittorrent traffic based on two methods:

  1. According to concrete patterns in package
  2. Using ipp2p module

But nothing really helps. I tried the first and second approach simultaneously and separately. The best result I could get (while using all rules at the same time) was 1 minute delay of torrent file downloading start, but after a minute the connection establishes.

Also when I tried the first approach (with patterns) I found an interesting package. For some reason it has the pattern that I just filtered out. Maybe the way I filter by pattern is wrong? (The --algo kmp/bm flag does not seem to change anything.)

Maybe someone has already solved this problem?

I'm using Ubuntu 22 inside VirtualBox. I use qBittorrent, Wireshark.

Should I provide any additional information?

P.S. I'm starting to worry that it's just impossible, but anyway, I want to try.
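An offline model of the eight `--string` patterns from the question, showing which payloads they would and would not match; this is an added example, not part of the original post. All payloads are constructed, the XOR step is only a toy stand-in for an encrypted peer connection (an assumption, not a real client's cipher), and the search covers the payload bytes only.

```python
# Added example: case-sensitive byte search, like `-m string` without --icase.

# The eight --string patterns from the rules in the question.
PATTERNS = [b"BitTorrent", b"BitTorrent protocol", b"peer_id=", b".torrent",
            b"announce.php?passkey=", b"torrent", b"announce", b"info_hash"]


def matching_patterns(payload: bytes) -> list:
    """Return the patterns that occur anywhere in the payload."""
    return [p for p in PATTERNS if p in payload]


def would_drop(payload: bytes) -> bool:
    """True if at least one of the DROP rules would match this payload."""
    return bool(matching_patterns(payload))


# Constructed samples (not captured traffic).
# Plaintext peer handshake: length byte 19, protocol name, 8 reserved bytes,
# 20-byte info hash, 20-byte peer id.
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(8) + bytes(20) + b"-XX0000-" + b"0" * 12
# Plaintext HTTP tracker announce.
ANNOUNCE = (b"GET /announce?info_hash=%12%34&peer_id=-XX0000-000000000000"
            b"&port=6881 HTTP/1.1\r\nHost: tracker.example\r\n\r\n")
# Same handshake after a toy XOR: stands in for an encrypted peer connection.
OBFUSCATED = bytes(b ^ 0xA5 for b in HANDSHAKE)
# Ordinary web request that has nothing to do with BitTorrent.
UNRELATED = b"GET /news/announcements HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

SAMPLES = {"plaintext handshake": HANDSHAKE, "tracker announce": ANNOUNCE,
           "obfuscated handshake": OBFUSCATED, "unrelated HTTP": UNRELATED}


def report() -> dict:
    """Map each sample name to the list of patterns that matched it."""
    return {name: matching_patterns(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in report().items():
        verdict = "DROP" if hits else "pass"
        print(f"{name:22} {verdict:5} {[h.decode() for h in hits]}")
```

The obfuscated sample passes every pattern, while the unrelated request is dropped by the broad `announce` pattern, so the rule set both misses traffic and blocks unrelated traffic.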

Does this answer your question? [Using Linux IPTables, How to block torrents or any P2P protocols?]

Rather than only disallowing a specific protocol, generally the enterprise approach is to do the opposite: disallow everything and prohibit all direct internet access. Mandate the authenticated use of an HTTP proxy (that does TLS decryption and layer 7 inspection) for normal users and business applications that need internet access. Only for valid business applications that can't use a proxy, specific exceptions will be granted, as restrictive as possible.
