Starlink’s revolutionary satellite internet has brought connectivity to previously underserved regions, but with its power comes responsibility. One crucial aspect of responsible Starlink usage is adhering to their terms of service, which explicitly prohibit torrenting.

To ensure continued access to Starlink’s exceptional service and avoid potential service disruptions, MikroTik offers a robust solution: a custom firewall script specifically designed to block torrent traffic.

The Script’s Anatomy:

1. Identifying Torrents:

The script starts by defining a “layer7-protocol” named “torrent.” This protocol uses regular expressions to sniff out telltale signs of torrent traffic. The list includes:

  • BitTorrent protocol handshake: This string identifies the initial communication between torrent clients.
  • Tracker requests: These requests contain information like the “info_hash” of the desired torrent file.
  • BitComet client queries: Specific queries used by the BitComet client are also flagged.
  • Data transfer patterns: The script looks for specific byte sequences indicative of torrent data exchange.

2. Marking Torrent Users:

Once a device is identified as engaging in torrent activity, its IP address is added to a special address list called “Torrent-Conn.” This list acts as a digital blacklist, keeping track of potential offenders.

3. Blocking Torrent Traffic:

The final step involves taking action against the identified torrent users. The script adds two rules to the “forward” chain of the firewall:

  • TCP Rule: This rule drops all TCP traffic originating from the “Torrent-Conn” list on ports not commonly used for legitimate purposes (excluding essential ports like SSH and web browsing).
  • UDP Rule: Similarly, the UDP rule drops all UDP traffic from the list on non-essential ports.


  • Starlink-friendly: By effectively blocking torrent traffic, this script helps avoid potential service disruptions and keeps your Starlink account safe.
  • Granular control: The address list allows you to manually add or remove devices from the block, offering flexibility in managing torrent access.
  • Customizable: The script can be further tweaked to refine the detection rules and adjust the blocking actions to suit your specific needs.

Important Note:

It’s crucial to remember that while blocking torrents is essential for Starlink compliance, it’s not a one-size-fits-all solution. Some legitimate applications and services utilize torrent protocols. Carefully assess your needs and adjust the script accordingly to strike the right balance between security and functionality.


/ip firewall layer7-protocol add comment="Block Torrents" name=torrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /announce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

/ip firewall filter add chain=forward in-interface-list=LAN src-address-list=!allow-bit layer7-protocol=torrent action=add-src-to-address-list address-list=Torrent-Conn address-list-timeout=30s comment="Block Torrents"

/ip firewall filter add chain=forward protocol=tcp dst-port=!0-1023,1723,5900,5800,3389,8728,8291,14147,5222,59905 src-address-list=Torrent-Conn action=drop comment="Block Torrents"

/ip firewall filter add chain=forward protocol=udp dst-port=!0-1023,1723,5900,5800,3389,8728,8291,14147,5222,59905 src-address-list=Torrent-Conn action=drop comment="Block Torrents"