Hi, If you want the machine to be able to access other resources on the internet, the simplest solution would be to remove the torrent client. Most torrent clients can be configured to use various ports, so you would have to, as you stated, block all outbound traffic from that machine. The following rule would be needed:

Action: Block
Interface: LAN
Protocol: Any
Source: Single Host or Alias (Has to be IP address)
Source Port Range: Any
Destination: Any
Destination Port Range: Any
Remember also that the rules are processed in order, so this rule needs to be above any other rule that would let traffic out for the subnet.
Of course, the user could simply change the IP address of the machine and then they would be out again. My preferred solution would be to have a block all rule at the bottom of the list, and then add rules that explicitly allow what ports can go out, i.e. http, https, ftp, SMTP, POP, IMAP, ntp, above this for the LAN subnet. You do end up with lots more rules as you have to have one for every outgoing port, but this is much more secure.
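To make the ordering point and the difference between the two approaches concrete, here is a small model of first-match rule evaluation, added as an example and not part of the original post or of pfSense itself. It builds the single-host block rule, the same two rules in the wrong order, and the poster's preferred "explicit allows then block all" list, and evaluates sample traffic against each. The addresses and the torrent port are constructed for illustration; the post names neither.

```python
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # wildcard: field matches anything


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: Optional[str] = ANY     # source IP address, or ANY
    proto: Optional[str] = ANY   # "tcp" / "udp", or ANY
    dport: Optional[int] = ANY   # destination port, or ANY


def first_match(rules: List[Rule], src: str, proto: str, dport: int,
                default: str = "block") -> str:
    """Walk the rules top to bottom; the first rule whose fields all match decides.

    This mirrors how the LAN rule list in the post is processed, which is why a
    block rule has to sit above the subnet's allow rule to take effect.
    """
    for r in rules:
        if r.src in (ANY, src) and r.proto in (ANY, proto) and r.dport in (ANY, dport):
            return r.action
    return default


# Constructed sample host; the post does not name one.
TORRENT_HOST = "192.168.1.50"

# Option 1 from the post: block the one host, placed ABOVE the usual allow-all rule.
BLOCK_HOST_RULESET = [
    Rule("block", src=TORRENT_HOST),  # Action: Block, Source: single host, rest: Any
    Rule("pass"),                     # the usual "LAN net -> any" allow rule
]

# The same two rules in the wrong order: the allow-all matches first, the block never fires.
MISORDERED_RULESET = list(reversed(BLOCK_HOST_RULESET))

# Option 2 (poster's preferred): explicit allows for named services, block everything else last.
EGRESS_ALLOWLIST = [
    Rule("pass", proto="tcp", dport=80),    # http
    Rule("pass", proto="tcp", dport=443),   # https
    Rule("pass", proto="tcp", dport=21),    # ftp (control channel)
    Rule("pass", proto="tcp", dport=25),    # SMTP
    Rule("pass", proto="tcp", dport=110),   # POP
    Rule("pass", proto="tcp", dport=143),   # IMAP
    Rule("pass", proto="udp", dport=123),   # ntp
    Rule("block"),                          # block all, at the bottom
]

# Constructed sample flows: (description, source IP, protocol, destination port)
SAMPLE_FLOWS = [
    ("torrent host, torrent port", TORRENT_HOST, "tcp", 6881),
    ("host after changing its IP, torrent port", "192.168.1.51", "tcp", 6881),
    ("any host, https", "192.168.1.51", "tcp", 443),
    ("any host, ntp over udp", "192.168.1.51", "udp", 123),
]


def evaluate_all(rules: List[Rule]) -> dict:
    """Return {description: decision} for every sample flow under one rule list."""
    return {desc: first_match(rules, src, proto, dport)
            for desc, src, proto, dport in SAMPLE_FLOWS}


if __name__ == "__main__":
    for name, rules in [("block single host", BLOCK_HOST_RULESET),
                        ("same rules, misordered", MISORDERED_RULESET),
                        ("explicit allows + block all", EGRESS_ALLOWLIST)]:
        print(f"== {name} ==")
        for desc, decision in evaluate_all(rules).items():
            print(f"  {decision:5}  {desc}")
```

The output shows the two weaknesses the post describes: with the rules misordered the torrent host passes, and even with the correct order the host passes again as soon as it uses a different address, whereas the allowlist blocks the unlisted port for every host while still passing the named services.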