- SYN filtering
Some advanced filtering can be applied to TCP packet state.
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new \
action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new \
action=accept comment="" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new \
action=drop comment="" disabled=no
"syn limit=400" is a threshold; just enable the rule in the forward chain for SYN packets to get dropped (for an excessive amount of new connections).
Any opinion on this: does adding it have any effect, and does it cause any problems afterwards?










