Access Restriction to block torrents not working (yet)

Discussion in 'Tomato Firmware' started by Hogwild, Mar 5, 2012.

  1. Hogwild

    Hogwild LI Guru Member

    Hi everyone:

    Thanks to help from a few of you in another thread, I got QoS doing pretty much just what I wanted in terms of traffic flow. Mostly this was about limiting torrent traffic of someone in our building.

    Firmware is is stock Tomato 1.28.1816 .

    Now, I changed my mind, and decided I'd like to block Torrents and avoid the problem altogether. I entered this Access Restriction rule, as seen in the screenshot.

    Tomato-access restrict-torrent-blurred.jpg

    Problem is, it's not working at all. Have I missed something obvious or ??

    Thanks for any help.

  2. Hogwild

    Hogwild LI Guru Member

    Whoops! Just noticed that according to the other forum threads, I was supposed to specify "HTTP GET" commands,

    I don't see anything for "HTTP GET" exactly...
    So Do I just specify "HTTP" under Layer 7 filters for that and then it should work?


  3. dthatcher

    dthatcher Networkin' Nut Member

    Why not just use Layer 7 filtering for bittorrent, edonkey, and gnutella? I am curious if there is an advantage to your method.
  4. Toastman

    Toastman Super Moderator Staff Member Member

    None of these will work, they will not catch ALL torrents. The IPP2P and L7 filters are really almost useless. It will take only one good P2P seed to evade them and take all your bandwidth.

    As you saw in the normal QOS rules, Torrents cannot satisfactorily be classified by a simple "rule" or string match.

    Instead, we use QOS rules to allow the things we DO want to be prioritized, and anything else, including torrents, ends up in the default class. Normally we then limit it, but in your case, you want to throttle it to death .... but the way you did it before, using QOS, was the way to go.
  5. Hogwild

    Hogwild LI Guru Member

    I don't want to use layer 7 filtering, because the other person in the building will just turn on encryption and bypass it.

    I don't want to just shape/limit the traffic any more. Now, I want to BLOCK torrents (as much as is possible anyway) for that other person.

    I thought that configuring an Access Restriction rule bound to his/her IP would actually prevent the person in question from being able to initiate
    the Torrent download, at least when he tried to initiate it by clicking on a link in a webpage to initiate it, such as "Download this Torrent" or "Magnet link" etc. Am I misunderstanding this?

    EDIT: Right this moment, with "HTTP" selected under Layer 7 Filter, the other person in my building can't get ANY access to websites. I just want to block Torrent and Magnet links etc. What am I doing wrong?

  6. CardinS2U

    CardinS2U Network Guru Member

    you cant block torrents can limit the bandwidth to dealth but not block it. What I would do is just classify things that I do like browsing webpage 0-1mb highest priority and after that it throttle it.....

    Toastman classification works perfect for me..

    try downloading one of toastman builds and just leave everything the way it is after nvram clearing. Then setup QOS rates and see how it works out for u. He did a good job classification.
  7. Hogwild

    Hogwild LI Guru Member

    While I appreciate your help friends,, I ALREADY HAVE QoS working, as I described earlier (and in my other thread).

    Can someone kindly explain why "mikester" and at least a few others on this forum claim to have the Access Restrictions thing (at least partly) working in terms of blocking some Torrents but you are telling me it won't work?

    Yes, I know the "stock" <pun not intended> answer around here is often to just tell people to "switch to Toastman" or whatever distrib. is peoples' favourite. However, I do not wish to reflash a router, reconfigure tons of setting in a different version of Tomato. I simply want to achieve what I'm trying to do here.

  8. CardinS2U

    CardinS2U Network Guru Member

    access restriction you cant block torrents with it. you can block the computer from access the internet at certain times of the day and blocking a website from being accessed.
  9. bluenote

    bluenote Addicted to LI Member


    If you have the QOS working as you say, what's the harm?
    Upping the ante in the technology arms race is likely,
    given an opponent of technical expertise,
    to cause you more problems. The level to which
    is proportional to that expertise.

    If you are declaring war, are you prepared for
    - having your router password sniffed or bruteforced, settings changed
    subtly to make your QOS settings impact everyone in the household
    in a negative manner so suddenly your access and credibility is in danger?

    - internal DDOS, spoofed MAC's, windows shares infected with viruses

    This may or may not be realistic but I would at least consider what this is worth to you.
  10. Hogwild

    Hogwild LI Guru Member

    EDIT: Bluenote...what's the harm is that the constant use of BT is spreading our IP out onto the Net, and as a result, we end up having our WAN IP hammered, sometimes for days at a time. That, plus QoS always seems to slow things down, at least a little, when it's operating.

    Thanks. Normally I would say these things are excellent advice, but..
    the person in queston has no technical skills (other than having noticed
    the encryption button in uTorrent) and is absolutely lazy beyond belief.

    My prediction is that (s)he will never bother to learn anything technical which
    would require more than 30 seconds of thinking/reading/effort.

    So, you're saying "Mikester"'s suggestion in his posts does nothing at all?


  11. shadowken

    shadowken Networkin' Nut Member

    You can block P2P traffic using "String match" module if it's loaded on Tomato .
    Unfortunately , it's not loaded on TOMATO yet due to instability issues maybe !!
  12. Hogwild

    Hogwild LI Guru Member

    EDIT: I got it working. Not sure it is exactly the same way you folks originally intended, but I did get it to take some effect. I realized after pulling my hair out that the Access Restriction rule was just corrupted. So I added a few of the keywords to another, pre-existing rule, and VOILA! It just stops the person from going to any webpage which contains the words torrent or tracker.
    The funny part is that I can't browse this thread without having to disable that rule! LOL

    Thanks everyone, for your patience and your help.

    Okay, this moment, not only can I not get it working with Access Restrictions, but also,
    when I enter ANY Torrent-related term into the "HTTP REQUEST" field in Access Restrictions, it blocks all
    web traffic entirely. I'm assuming I'm doing something dumb, or could that be some sort of bug?

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice