I know this post is old, but I thought I'd pass along a different solution.
Most torrent traffic occurs on so-called "high" ports, ones numbered from 1024-65535. Ports below this can only be opened by software running (at least initially) with root permissions like SMTP (port 25) and HTTP servers (80). Ordinary users can run software like torrent clients that listen on the high ports.
At one site I consult to, we've simply blocked all traffic originating on client computers' high ports from connecting to any remote's high ports, like this:
Code:
    # LAN high port -> non-LAN high port, TCP: reject (modern iptables wants "! -d", not "-d !")
    iptables -A FORWARD -p tcp -s 10.10.0.0/16 --sport 1024:65535 ! -d 10.10.0.0/16 --dport 1024:65535 -j REJECT
    # Same for UDP
    iptables -A FORWARD -p udp -s 10.10.0.0/16 --sport 1024:65535 ! -d 10.10.0.0/16 --dport 1024:65535 -j REJECT
These allow machines within our network (10.10.0.0/16) to carry out high-port communication with each other, but forbid them from connecting to high ports on remotes.
These rules will block most torrent traffic and other bandwidth gobblers like streaming radio and gaming. They may also block some legitimate traffic. We log all packets that match these rules (by adding two identical rules above them with "-j LOG" instead of "-j REJECT") just in case. Usually the IT department will hear complaints if a legitimate service (e.g. GoToMyPC) is blocked.
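The approach above (a LOG rule ahead of each REJECT, for TCP and UDP) as one reviewable script. This is an added example, not code from the original post: it generates the rules with the positional negation (`! -d`) that current iptables accepts, rate-limits the LOG target so a busy torrent client cannot flood syslog, and prepends a conntrack ACCEPT for ESTABLISHED/RELATED traffic so replies from LAN servers that listen on high ports are not rejected (that ACCEPT rule, the `HIGHPORT-BLOCK:` log prefix, the 10/min limit and the `DRY_RUN` switch are this example's assumptions, not part of the post). By default it only prints the commands; `DRY_RUN=0` applies them.

```shell
#!/bin/sh
# Added example: LAN high-port -> remote high-port egress block with logging.
# Assumptions (not from the original post): the conntrack ACCEPT rule, the log
# prefix, the rate limit, and the DRY_RUN switch. LAN defaults to the post's range.
set -eu

LAN="${LAN:-10.10.0.0/16}"
HIGH="1024:65535"
PREFIX="HIGHPORT-BLOCK: "      # --log-prefix must stay under 29 characters
LIMIT="10/min"                 # assumed rate limit for the LOG target

# emit_rules prints one complete iptables command per line, in the order they
# must be appended: replies first, then LOG before REJECT for each protocol.
emit_rules() {
    # Assumed addition: let replies of already-accepted connections through, so a
    # LAN host serving on a high port can still answer a remote client.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for proto in tcp udp; do
        # Log the match (rate limited) ...
        echo "iptables -A FORWARD -p $proto -s $LAN --sport $HIGH ! -d $LAN --dport $HIGH -m limit --limit $LIMIT -j LOG --log-prefix \"$PREFIX\""
        # ... then reject it with the same match.
        echo "iptables -A FORWARD -p $proto -s $LAN --sport $HIGH ! -d $LAN --dport $HIGH -j REJECT"
    done
}

# apply_rules runs the generated commands, or just prints them when DRY_RUN=1
# (the default), so the ruleset can be reviewed before touching the firewall.
apply_rules() {
    emit_rules | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "$cmd"
        else
            eval "$cmd"
        fi
    done
}

apply_rules
```

Preview with `sh highport-block.sh`, then apply with `DRY_RUN=0 sh highport-block.sh` as root; matches show up in the kernel log under the `HIGHPORT-BLOCK:` prefix, which is what you grep for when a user reports a blocked service.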