Всем привет. Актуальная сехма на момент написания статьи. P2P сети постоянно воюют с ограничениями, но на сегодняшний день это работает.
/ip firewall filter
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward comment="Torrent Block 1/3" disabled=yes layer7-protocol=block-torrents src-address=10.0.1.0/24 src-address-list=!allow-bit
add action=drop chain=forward comment="Torrent Block 2/3" disabled=yes dst-port=!0-1024,8291,5900,5800,14147,5222,59905 protocol=tcp src-address-list=Torrent-Conn
add action=drop chain=forward comment="Torrent Block 3/3" disabled=yes dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp src-address-list=Torrent-Conn
add action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=2m chain=forward comment="Torrent Block 1/3" disabled=yes layer7-protocol=block-torrents src-address=10.0.1.0/24 src-address-list=!allow-bit
add action=drop chain=forward comment="Torrent Block 2/3" disabled=yes dst-port=!0-1024,8291,5900,5800,14147,5222,59905 protocol=tcp src-address-list=Torrent-Conn
add action=drop chain=forward comment="Torrent Block 3/3" disabled=yes dst-port=!0-1024,8291,5900,5800,3389,14147,5222,59905 protocol=udp src-address-list=Torrent-Conn
/ip firewall layer7-protocol
add name="Torrent sites" regexp="^.+(torrent|rarbg|thepiratebay|isohunts|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsou\
p|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits|d1:ad2|tracker|announce).*\$"
add comment="Block Torrents" name=block-torrents regexp=\
"^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
add name="Torrent sites" regexp="^.+(torrent|rarbg|thepiratebay|isohunts|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsou\
p|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits|d1:ad2|tracker|announce).*\$"
add comment="Block Torrents" name=block-torrents regexp=\
"^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
В итоге в фаерволе создается три правила, которые при обнаружении подозрительной активновности во внутренней сети заносят хост в access list на две минуты.
Не забудьте заменить адрес 10.0.1.0/24 на адрес вашей сети.