Windows Firewall rules to block P2P/Torrent traffic if VPN disconnects

It is extremely important to set up the PC properly in order to avoid IP leaks if the VPN is not connected or doesn't work as expected. This tutorial covers a very simple, yet effective way of blocking BitTorrent traffic if the VPN connection is not active. The blocking is done via Windows Firewall, which comes by default on Windows: we highly recommend using it instead of any third-party firewall solution for Windows. This also applies to Popcorn Time, but make sure you follow the instructions for Popcorn Time, as they are different.
 

Step 1: define the executable and the firewall rules

 
Open Control Panel\System and Security\Windows Firewall and open the Advanced Settings from the left column.
Add both an Inbound and an Outbound rule that point to the torrent client executable:
 
New Rule... > Program > This program path (browse for the torrent executable, such as %ProgramFiles(x86)%\qBittorrent\qbittorrent.exe) > Block the connection > check all 3 networks > give it a name, e.g. qbittorrent block
 
Action should be Block the connection and select all 3 networks (domain, private, public)
 

Step 2: define the IPs to block

 
Open the rules you created and go to the Scope tab. Under Local IP address, select These IP addresses and add your local network range (not the VPN), such as 192.168.0.0/16.
For the VPN we use 10.10.0.0/16, so you don't add that. Basically, the Scope says "block the torrent software on all networks if the IP address of the interface matches the Scope defined network which is the LAN interface".
 
By defining the whole LAN subnet rather than the PC's single IP address, you make sure that the rules apply even if your PC's IP changes (it usually does if you use DHCP).
 

Step 3: test to see if it really works

 
Now, without the VPN connected, try to download a Linux ISO torrent and see if it works. Close the torrent client, connect the VPN, and try again. Disconnect the VPN while the torrent is active; it should stop.
 
Note that the "stop" looks gradual in most BitTorrent clients. In fact, traffic stops instantly, but torrent clients display an averaged rate that goes to zero gradually.

Blocking Popcorn Time

Due to a known issue related to environment variable strings, when you add the path to Popcorn Time.exe make sure you insert the exact path without relying on a system variable string, or it won't be blocked.
By default, the Popcorn Time.exe binary is located in C:\users\[myusername]\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe

When you use the Browse button in the Windows Firewall rule to locate the program, it will automatically set the path to %USERPROFILE%\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe
To make it work, you will need to replace %USERPROFILE% according to your user settings, such as C:\users\johndoe\Appdata\Local\Popcorn Time\node-webkit\Popcorn Time.exe

In the above example, johndoe is the local username. 
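
Steps 1 and 2, together with the exact-path requirement described for Popcorn Time, can also be applied from an elevated PowerShell prompt. The script below is an added example, not part of the original tutorial; the default path, subnet and rule name are the ones used in the text above and are assumptions to adjust for your own PC.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original tutorial): Step 1 and Step 2 as a script.
param(
    # Client executable; environment variables are expanded to a literal path below.
    [string]$ProgramPath = '%ProgramFiles(x86)%\qBittorrent\qbittorrent.exe',
    # LAN range the block applies to (assumption: adjust to your own network).
    [string]$LanSubnet = '192.168.0.0/16',
    [string]$RuleName = 'qbittorrent block'
)

# Store the exact path in the rule, never a %VARIABLE% string (see Popcorn Time note).
$exe = [Environment]::ExpandEnvironmentVariables($ProgramPath)
if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
    throw "Executable not found: $exe"
}

$rules = foreach ($direction in 'Inbound', 'Outbound') {
    $name = "$RuleName ($direction)"
    # Remove an earlier copy so re-running the script does not leave duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Direction $direction -Program $exe `
        -Action Block -Profile Domain, Private, Public -LocalAddress $LanSubnet
}

# Read back what the firewall actually stored for each rule.
$rules | ForEach-Object {
    [pscustomobject]@{
        Rule         = $_.DisplayName
        Direction    = $_.Direction
        Action       = $_.Action
        Program      = ($_ | Get-NetFirewallApplicationFilter).Program
        LocalAddress = ($_ | Get-NetFirewallAddressFilter).LocalAddress
    }
} | Format-Table -AutoSize
```

For Popcorn Time, pass its executable with -ProgramPath and a matching -RuleName; the Program column in the output should show a full C:\ path with no % characters in it.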
