I would like to enable/disable firewall rules based on criteria, such as how much traffic is passing through an interface (e.g. mark-routing). All other rules are already in place, such that users experience doesn't get affected when it happens, and traffic still flows smoothly (via another interface for example).
My main concern is, would rapidly enabling/disabling firewall rules cause issues?
I'm not sure how RouterOS deals with firewall changes. Are things recompiled and changing the firewall 5x to 10x a second destroy CPU capacity? Will my NAND storage suffer? Would in-flight packets, still in the middle of processing in the firewall, get dropped? Those types of concerns.