We use only filter for single IP connection limit and renewing src-lists timeouts. RAW is introduced to be able to block traffic before it hits connection tracking and so avoid high CPU usage.
UDP/Mangle/Filter need connection tracking and so use the CPU big time.
We run ours at 1200 MHz and it seems to work just fine.
Sorry, we are really new. Can you tell me how I can get a PCAP, and from where?
Could you show a PCAP of the traffic these attackers send to you?
Yes, we are sure. Here are the details: viewtopic.php?f=13&t=121270&p=596213#p596368
Despite the 100% CPU usage, are you sure your 10 Gbps link isn't getting 100% consumed by the attack traffic?
We use the raw table and filter rules. So which should we choose?
Do you use raw table for dropping?
Also did you disable allow remote requests under your DNS?