Torrent - zollak/pentest-notes GitHub Wiki

Enable and Disable P2P - Torrent

The p2p matcher is obsolete as of MikroTik RouterOS 6.39, so use a layer7 matcher instead of p2p:

/ip firewall layer7-protocol
add comment=http://l7-filter.sourceforge.net/layer7-protocols/protocols/bittorrent.pat name=L7-Torrent regexp=\
    "^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"
	
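/queue tree
# packet-mark=Torrent-Conn has to be set by a mangle mark-packet rule; the mangle rules on this page only populate the Torrent-Add address list.
add limit-at=256k max-limit=256k name=Torrent-Download packet-mark=Torrent-Conn parent=global priority=5 queue=default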

/ip firewall filter
add action=accept chain=forward comment="Allow Torrent download - optional" in-interface=bridge1 log-prefix=TORRENT out-interface=ether1 protocol=tcp src-address=10.10.10.10 src-port=!0-29999
add action=accept chain=forward comment="Allow torrent from dynamic address list - optional" dst-address=10.10.10.10 dst-address-list=Torrent-Add log-prefix=TORRENT
add action=accept chain=forward comment="Allow torrent to dynamic address list - optional" dst-address-list=Torrent-Add log-prefix=TORRENT src-address=10.10.10.10
add action=accept chain=forward comment="Allow Torrent download - required" in-interface=bridge1 log-prefix=TORRENT out-interface=ether1 protocol=udp src-address=10.10.10.10 src-port=7881-7889

/ip firewall mangle
add action=add-src-to-address-list address-list=Torrent-Add address-list-timeout=2m chain=prerouting layer7-protocol=L7-Torrent log-prefix=TORR
add action=add-dst-to-address-list address-list=Torrent-Add address-list-timeout=2m chain=prerouting layer7-protocol=L7-Torrent log-prefix=DSTTORR
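
A coverage check for the L7-Torrent pattern above, as an added example that is not part of the original notes: it decodes the RouterOS-escaped `regexp=` value and runs it over constructed payloads. Assumptions: Python's `re` stands in for the router's regex engine, matching is case-insensitive as the upstream l7-filter project specifies for its patterns, and the names `routeros_unescape`, `coverage` and `SAMPLES` are hypothetical.

```python
import re

# regexp= value copied from the page's /ip firewall layer7-protocol export,
# with the RouterOS string escaping left intact.
EXPORTED = r"^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"


def routeros_unescape(s):
    """Undo the RouterOS string escapes that occur in this export."""
    out, i = [], 0
    while i < len(s):
        # A backslash followed by a backslash, '$' or '?' is one escaped character.
        if s[i] == "\\" and s[i + 1:i + 2] in ("\\", "$", "?"):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


# Assumption: case-insensitive matching (l7-filter convention); Python's re
# is a stand-in for the router's own matcher.
L7_TORRENT = re.compile(routeros_unescape(EXPORTED).encode("ascii"), re.IGNORECASE)

# Constructed sample payloads (first bytes of a connection), not captures.
SAMPLES = {
    "peer handshake": b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"-XX0001-" + b"0" * 12,
    "DHT ping query": b"d1:ad2:id20:" + b"N" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe",
    "tracker announce": b"GET /announce?info_hash=%AA%BB&port=7881 HTTP/1.1\r\n",
    "opaque stream": bytes(range(0x80, 0xC0)),
    "plain web request": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
}


def coverage(samples=SAMPLES):
    """Map each sample name to True if the L7-Torrent pattern flags it."""
    return {name: bool(L7_TORRENT.search(data)) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hit in coverage().items():
        print(f"{name:18} {'match' if hit else 'no match'}")
```

The standalone announce request is not flagged because the exported pattern joins the scrape and announce strings into a single alternative; payloads without any of the plaintext signatures are not flagged either.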