andrace
newbie
Topic Author
Posts: 42
Joined: Sun Sep 21, 2014 8:41 am

Can't protect MikroTik with web-proxy

Wed Dec 13, 2017 8:57 am

Hi all!!! Please advise me. Some time ago I set up a web proxy to publish websites. Before that there was one netmap NAT rule and everything worked fine, but the activated web proxy rule puts a huge load on the MikroTik's CPU (100%), because it handles many connections, and I can't avoid this with general rules. Is it possible to achieve this with some other rules?
At the moment I have made some rules, but they don't help:

1 ;;; --DDOS Protect-1
chain=input action=add-src-to-address-list connection-limit=30,32 protocol=tcp address-list=BlackList address-list-timeout=1d in-interface=ISP dst-port="" log=no log-prefix=""

2 ;;; --DDOS Protect-0
chain=input action=drop connection-limit=30,32 protocol=tcp src-address-list=BlackList in-interface=ISP dst-port="" log=no log-prefix=""

3 ;;; --DDOS Protect-2
chain=input action=tarpit connection-limit=3,32 protocol=tcp src-address-list=blocked-addr in-interface=l2tp-Beeline log=yes log-prefix=""

4 ;;; --DDOS Protect-3 SYN Flood protect
chain=forward action=jump jump-target=SYN-Protect tcp-flags=syn connection-state=new protocol=tcp log=no log-prefix=""

5 ;;; --DDOS Protect-4
chain=SYN-Protect action=accept tcp-flags=syn connection-state=new protocol=tcp limit=300,5:packet log=no log-prefix=""

6 ;;; --DDOS Protect-5
chain=SYN-Protect action=drop tcp-flags=syn connection-state=new protocol=tcp log=no log-prefix=""