Community discussions

MikroTik App
 
sajibnandi
just joined
Topic Author
Posts: 16
Joined: Tue Jan 10, 2017 12:16 pm
Location: Dhaka
Contact:

How to do limit established connection in mikrotik ?

Tue Dec 24, 2019 2:10 pm

Dear All ,
I want to limit connection as per users thats meanes per IP, i use below command in my mikrotik
/ip firewall filter
add action=drop chain=forward connection-limit=50,32 connection-state=established log=yes protocol=tcp src-address-list=192.168.1.0/24

but connection limit applied for total block 192.168.1.0/24 , where 32 mask not working
anyone can help me with that issue?

Thanks
Sajib
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: How to do limit established connection in mikrotik ?

Tue Dec 24, 2019 7:53 pm

Connection Limit :
Matches connections per address or address block after given value is reached. Should be used together with connection-state=new and/or with tcp-flags=syn because matcher is very resource intensive
https://wiki.mikrotik.com/wiki/Manual:I ... all/Filter
 
sajibnandi
just joined
Topic Author
Posts: 16
Joined: Tue Jan 10, 2017 12:16 pm
Location: Dhaka
Contact:

Re: How to do limit established connection in mikrotik ?

Tue Dec 24, 2019 10:04 pm

Hi Zacharias,
Thanks for your replay.
I will check as per your instruction, I think it will be woked.

Thanks
 
sajibnandi
just joined
Topic Author
Posts: 16
Joined: Tue Jan 10, 2017 12:16 pm
Location: Dhaka
Contact:

Re: How to do limit established connection in mikrotik ?  [SOLVED]

Sat Dec 28, 2019 12:04 pm

Problem has been solved by using below command, connection limit by per IP from one network block
/ip firewall filter
add action=drop chain=forward comment="TCP Connection Limits" connection-limit=200,32 protocol=tcp src-address=172.21.4.0/23 tcp-flags=syn


Thanks
Sajib Nandi
 
Zacharias
Forum Guru
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: How to do limit established connection in mikrotik ?

Sat Dec 28, 2019 2:18 pm

So the solution appears to be my answer... Isnt it ?

Who is online

Users browsing this forum: LouisdeBussy and 4 guests