Мнение за SYN filtering

[selianina]

Здравейте колеги , да попитам някой ползвал ли е :

• SYN filtering
  

Some advanced filtering can by applied to tcp packet state.

/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new \

action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes

/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new \

action=accept comment="" disabled=no

/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new \

action=drop comment="" disabled=no

"syn limit=400" is a threshold, just enable rule in forward for syn packets to get dropped (for excessive amount of new connection)

Някакво мнение по въпроса има ли ефект при добавянето му и прави ли някакви проблеми след това?