How can i limit connection from host?
I do a touch on my network and i saw a lot of connections from a single ip address on the network.
I need help
Re: Limit connection from host
Code: Select all
add action=drop chain=forward comment="" connection-limit=200,32 disabled=no protocol=tcp
-
-
firewallrule
Member Candidate
- Posts: 118
- Joined:
Re: Limit connection from host
@fekler,
what does connection-limit=200,32 stand for.
Explain this rule more please
what does connection-limit=200,32 stand for.
Explain this rule more please
Re: Limit connection from host
http://wiki.mikrotik.com/wiki/Manual:IP ... Properties@fekler,
what does connection-limit=200,32 stand for.
Explain this rule more please
connection-limit (integer,netmask) Restrict connection limit per address or address block
32 means a 32-bit netmask, so per-host restriction.
-
-
tomspappola
just joined
- Posts: 18
- Joined:
Re: Limit connection from host
Hi Feklar
Can you post and example for limiting udp ?
Thanks
Tom
Can you post and example for limiting udp ?
Thanks
Tom
Re: Limit connection from host
Code: Select all
add chain=forward protocol=udp limit=50,5 action=drop
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
You can obviously get more firewall matches to drop packets off of instead of just setting a hard limit for everything, but that's the rule in it's most basic form. What it means is that the first 5 packets of UDP are ignored from the count, and after that only anything above 50 packets per second are dropped. The rule can also apply to different kinds of traffic like TCP and ICMP, it's just narrowed down by the protocol matcher.limit (integer,time,integer; Default: ) Matches packets within given pps limit. Parameters are written in following format: count,time,burst.
count - maximum average packet rate measured in packets per time interval
time - specifies the time interval in which the packet rate is measured
burst - number of packets which are not counted by packet rate