Community discussions

MikroTik App
  4. RouterOS
  5. General

anti dos attack rule for forward

Post Reply
 
Ehman
Member
Member
Topic Author
Posts: 391
Joined: Mon Nov 15, 2010 10:49 pm

anti dos attack rule for forward

Mon Dec 30, 2013 6:28 pm

Hi

Ive been struggling to make a forward rule to stop a internal IP to dos attack a external IP

Code: Select all
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=forward connection-limit=100,32 protocol=\
    tcp tcp-flags=syn

this rule suck, it keeps on adding the src and dst to my address list, but I only want to add the src address to my address list, I don't care about the dst ip that is getting attack, can someone help me?

when changed to input the rule works like a charm
Top
 
ditonet
Forum Veteran
Forum Veteran
Posts: 835
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:
Contact ditonet

Re: anti dos attack rule for forward

Mon Dec 30, 2013 6:53 pm

Add 'incoming' and 'outgoing' interfaces as conditions to rule.

HTH,
Top
 
Ehman
Member
Member
Topic Author
Posts: 391
Joined: Mon Nov 15, 2010 10:49 pm

Re: anti dos attack rule for forward

Mon Dec 30, 2013 10:59 pm

Add 'incoming' and 'outgoing' interfaces as conditions to rule.

HTH,
I'm such a idiot sometimes :lol: ... .thx mate :D
Top
Post Reply

Who is online

Users browsing this forum: krissg, pajapatak and 30 guests
  4. RouterOS
  5. General