Warning: You MUST do this at a local console. WIPFW blocks Remote Desktop and VNC connections by default.
Step 1
Download WIPFW from http://wipfw.sourceforge.net/
Step 2
Extract the downloaded zip to C:\Program Files\WIPFW
Step 3
In the WIPFW directory, run install-deny.cmd
Warning: All Remote Desktop, VNC, Windows File Sharing, and other server apps WILL be cut off at this point. Don't worry, you can re-enable them later.
Step 4: Windows XP Only
Start -> Control Panel -> Security Center
Click on Manage Security Settings for: Windows Firewall
Select Off and click OK
Back in the Security Center, under the red heading for Firewall, select Recommendations...
Check I have a firewall solution that I'll monitor myself and click OK
Step 5
Save the following as C:\windows\System32\drivers\etc\protocol (no extension; replace windows with WINNT if you are using Windows 2000):
#
# This file contains the Internet protocols as defined by RFC 1700
# (Assigned Numbers).
#
# Format:
#
# <protocol name> <assigned number> [aliases...] [#<comment>]
ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
egp 8 EGP # Exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # User datagram protocol
hmp 20 HMP # Host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
rvd 66 RVD # MIT remote virtual disk
Step 6
Open C:\Program Files\WIPFW\wipfw.conf in Notepad.
Replace the contents with the following:
# wipfw.conf
# Replace 55259 with your bittorrent port and 55359 with your bittorrent port+100
######################
# First flush the firewall rules
-f flush
# Localhost rules
add 100 allow all from any to any via lo*
# Drop inbound packets with a 127.0.0.0/8 source or destination (localhost spoofing)
add 110 deny log all from any to 127.0.0.0/8 in
add 120 deny log all from 127.0.0.0/8 to any in
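# Drop incoming packets with the RST flag set on the BitTorrent port range.
# This is what thwarts Sandvine. Keep this rule above check-state so it is
# evaluated before the stateful rules can accept the packet.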
add deny tcp from any to me 55259-55359 tcpflags rst
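# Stateful rules: match packets of tracked connections, then track outbound ones
add check-state
add pass all from me to any out keep-state
# Count and log everything that reaches this point
add count log ip from any to any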
# Allow new incoming BitTorrent connections
add pass tcp from any to any 55259
add pass udp from any to any 55259
Step 7
Season to taste with any of the following rules (append to the end of wipfw.conf)
File and Print Sharing
add pass tcp from any to me 135-139
add pass udp from any to me 135-139
# Allow direct-hosted SMB w/out NetBIOS
add pass tcp from any to me 445
add pass udp from any to me 445
VNC
add pass tcp from any to me 5900
Remote Desktop
add pass tcp from any to me 3389
More filters coming soon...
Step 8
Start -> Run
Type cmd and press Enter
Run the following two commands:
net stop ipfw
net start ipfw
Step 9
Configure your torrent client to use an outgoing port range.
uTorrent
The settings are hidden under the advanced options pane. First, set "net.outgoing_port" to the lower end of the port range (e.g. 55259) on which you are blocking RST packets. Then set "net.outgoing_max_port" (uTorrent 1.7 and above only) to the upper end of the port range (e.g. 55395).
Azureus
coming soon
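A check for the Step 6 rule set after you have edited it, as an added example that is not part of the original guide or of WIPFW: it confirms that the RST deny rule sits above the stateful rules and that the BitTorrent port you opened lies inside the RST range. The function names are hypothetical, the sample rules are constructed from Steps 6 and 7, and the check assumes rules are evaluated in file order, which holds when only the first rules carry explicit numbers as in Step 6.

```python
import re
# Constructed sample: the Step 6 rules that matter here, plus the VNC rule from Step 7.
SAMPLE_CONF = """\
-f flush
add 100 allow all from any to any via lo*
add deny tcp from any to me 55259-55359 tcpflags rst
add check-state
add pass all from me to any out keep-state
add pass tcp from any to any 55259
add pass udp from any to any 55259
add pass tcp from any to me 5900
"""

def parse_rules(conf_text):
    """Return the 'add' rules in file order as token lists, without rule numbers."""
    rules = []
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop comments
        if len(tokens) > 1 and tokens[0] == "add":
            rules.append(tokens[2:] if tokens[1].isdigit() else tokens[1:])
    return rules

def port_range(token):
    """Parse '445' or '135-139' into (low, high); return None for anything else."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", token)
    return (int(m.group(1)), int(m.group(2) or m.group(1))) if m else None

def inbound_ports(rules):
    """Ports opened by 'pass tcp|udp ... <port>' rules, as (proto, low, high)."""
    return [(r[1], *port_range(r[-1])) for r in rules
            if len(r) > 2 and r[0] in ("pass", "allow")
            and r[1] in ("tcp", "udp") and port_range(r[-1])]

def lint(conf_text):
    """Check rule order and port coverage for the RST drop; return findings."""
    rules = parse_rules(conf_text)
    rst = [i for i, r in enumerate(rules)
           if r[:2] == ["deny", "tcp"] and r[-2:] == ["tcpflags", "rst"]]
    if not rst or not port_range(rules[rst[0]][-3]):
        return ["no 'deny tcp ... <ports> tcpflags rst' rule found"]
    findings = []
    # First match wins: a stateful rule placed earlier accepts the RST first.
    if any(r == ["check-state"] or "keep-state" in r for r in rules[:rst[0]]):
        findings.append("a stateful rule precedes the RST deny rule")
    low, high = port_range(rules[rst[0]][-3])
    if not any(low <= lo and hi <= high for _, lo, hi in inbound_ports(rules)):
        findings.append(f"no inbound pass port lies inside {low}-{high}")
    return findings
```

An empty list from lint() means both checks passed; inbound_ports() also shows which of the Step 7 services are currently reachable.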