Looks like 10.20.20.112 is trying to log into 10.20.20.75 on port 443. Since these are private IPs, they must be on your own network, and p2p wouldn’t really have an effect on internet performance. I am pretty sure this conntrack log excerpt can be dismissed, but then again I don’t know your network and what those IPs are, but they are local anyways. If you want to drop something, you need to go to the firewall section and apply a rule just like you would in the QoS classifier section. But here, use a drop rule or a “reject with…”. I use drop. You really can’t block p2p. It will always port hop, so you want to use L7 filters, but the open source filter ones can’t see all p2p, like ZS and many other firewalls. It can see most but not all, especially NOT encrypted traffic. So, traffic shaping/limiting is done through port rules and QoS on them.
You need to use iptraf, ntop, and/or the conntrack log viewer to see live traffic and apply the rules accordingly. Use the L7 filter, and apply individual rules in the firewall section to drop all of the p2p listed L7 filters. There’s no way to do a group of filters, so you need a separate rule for each p2p filter, and drop it.
Make a rule for known protocols, i.e., http, etc., and give it a prio/speed, then make the default class the lowest prio/speed, but not too slow, or you’ll find some things may not work correctly. Everything else is live and rules need to be applied live. That’s the horrible, uh hmm… I mean fun, part of maintaining QoS on a network.
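The first point in the reply above (a flow between two private addresses stays on the LAN and does not affect internet bandwidth) can be checked mechanically over a conntrack log before any firewall or QoS rule is written. This is an added example, not code from the post or from Zeroshell: it assumes the `conntrack -E` event line format, uses only RFC 1918 ranges as "local" (Python's `is_private` would also treat documentation ranges as private, which is not what is wanted here), and the sample lines are constructed, with 203.0.113.0/24 and 198.51.100.0/24 standing in for public hosts.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample events in `conntrack -E` format (not taken from the post).
SAMPLE_EVENTS = """\
[NEW] tcp      6 120 SYN_SENT src=10.20.20.112 dst=10.20.20.75 sport=51234 dport=443 [UNREPLIED] src=10.20.20.75 dst=10.20.20.112 sport=443 dport=51234
[NEW] tcp      6 120 SYN_SENT src=10.20.20.112 dst=203.0.113.9 sport=6881 dport=6881 [UNREPLIED] src=203.0.113.9 dst=10.20.20.112 sport=6881 dport=6881
[NEW] udp      17 30 src=10.20.20.112 dst=198.51.100.77 sport=6881 dport=41234 [UNREPLIED] src=198.51.100.77 dst=10.20.20.112 sport=41234 dport=6881
[NEW] tcp      6 120 SYN_SENT src=10.20.20.50 dst=10.20.20.1 sport=40000 dport=53 [UNREPLIED] src=10.20.20.1 dst=10.20.20.50 sport=53 dport=40000
"""

# RFC 1918 ranges only; documentation/test ranges deliberately excluded.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Original-direction tuple: the first src=/dst= pair on the line (the lazy .*? stops there).
FLOW_RE = re.compile(r"\b(tcp|udp)\b.*?src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_event(line):
    """Return (proto, src, dst, sport, dport) for the original direction, or None."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    proto, src, dst, sport, dport = m.groups()
    return proto, src, dst, int(sport), int(dport)


def summarize(text):
    """Split flows into LAN-only (both ends RFC 1918) and WAN-bound, keyed by (src, proto, dport)."""
    summary = {"lan_only": Counter(), "wan_bound": Counter()}
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        proto, src, dst, _sport, dport = ev
        bucket = "lan_only" if is_rfc1918(src) and is_rfc1918(dst) else "wan_bound"
        summary[bucket][(src, proto, dport)] += 1
    return summary


def wan_talkers(summary):
    """Per-source count of flows that actually leave the LAN; these are the QoS/drop candidates."""
    out = Counter()
    for (src, _proto, _dport), n in summary["wan_bound"].items():
        out[src] += n
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_EVENTS)
    print("LAN-only:", dict(s["lan_only"]))
    print("WAN-bound:", dict(s["wan_bound"]))
    print("WAN talkers:", dict(wan_talkers(s)))
```

Only the WAN-bound bucket competes for internet bandwidth, so only those (source, protocol, port) tuples are worth a firewall or QoS classifier entry; the 10.20.20.112 to 10.20.20.75:443 flow from the excerpt lands in the LAN-only bucket.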