Some tests with blocking P2P, MSN and others with L7-filter and iptables in my company without luci:
Install the newest version without luci.
TELNET to OpenWrt (use Putty) - 192.168.1.1
passwd
reboot
SSH to OpenWrt (use Putty) - 192.168.1.1
opkg update
opkg install iptables iptables-mod-extra l7-protocols
You can use WinSCP to edit files directly on windows. Select mode on SCP "file protocol"
edit /etc/firewall.user
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
#l7proto MSN and P2P block
iptables -I FORWARD -m layer7 --l7proto msnmessenger -j DROP
iptables -I FORWARD -m layer7 --l7proto msn-filetransfer -j DROP
iptables -I FORWARD -m layer7 --l7proto 100bao -j DROP
iptables -I FORWARD -m layer7 --l7proto ares -j DROP
iptables -I FORWARD -m layer7 --l7proto audiogalaxy -j DROP
iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP
iptables -I FORWARD -m layer7 --l7proto directconnect -j DROP
iptables -I FORWARD -m layer7 --l7proto edonkey -j DROP
iptables -I FORWARD -m layer7 --l7proto fasttrack -j DROP
iptables -I FORWARD -m layer7 --l7proto gnutella -j DROP
iptables -I FORWARD -m layer7 --l7proto mute -j DROP
iptables -I FORWARD -m layer7 --l7proto poco -j DROP
iptables -I FORWARD -m layer7 --l7proto shoutcast -j DROP
iptables -I FORWARD -m layer7 --l7proto soulseek -j DROP
iptables -I FORWARD -m layer7 --l7proto tesla -j DROP
# Block Torrents Strings using Boyer-Moore
iptables -I FORWARD -m string --string "BitTorrent protocol" --algo bm -j DROP
#iptables -I FORWARD -m string --string ".torrent" --algo bm -j DROP/etc/init.d/firewall restart
Enjoy my friends! The possibilities are endless.
