Hey all, well, following the manual I reached this example:
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=100,32 action=drop
which says it would limit each user on my network to only have a maximum of 5 connections simultaneously.
Does this mean 5 connections through the router?
Thing is, I would like to apply a limit on the wireless interface, so that clients generating loads of connections would get theirs rejected when they go over a certain point (20 connections is the limit stipulated).
How would I do it?
I’ve tried to read the manual, though I haven’t been able to understand the procedure…
I mean, in any case, what’s the current rule doing at all? Is it just limiting 5 connections TO the routerboard? Or 5 connections THROUGH the routerboard to the next hop?
Either way, I applied the rule and I started having problems with it… It looks as if it was applying a 100-connection limit to ALL terminals connected, which means surfing has become a hassle…
Thanks in advance, and I hope someone can give me a hand…
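Added example, not part of the thread and not MikroTik's own code: a simplified Python model of how the `limit,netmask` pair in a rule like `connection-limit=100,32` groups connections, replayed with the 20-connection limit mentioned above. It assumes connections are counted per source address block and stay open for the whole run; the function names and client addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

def block_of(addr, prefix_len):
    """Return the address block that addr falls in for the given netmask length."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def syn_decisions(syn_sources, limit, prefix_len):
    """Replay new TCP SYNs in order against connection-limit=limit,prefix_len.

    Assumed, simplified semantics: connections are counted per source
    address block, the SYN being evaluated counts toward the total, and the
    rule matches (action=drop) once the total is above `limit`.
    Dropped SYNs never become tracked connections; nothing is closed.
    """
    tracked = Counter()
    decisions = []
    for src in syn_sources:
        block = block_of(src, prefix_len)
        if tracked[block] + 1 > limit:
            decisions.append((src, "drop"))
        else:
            tracked[block] += 1
            decisions.append((src, "accept"))
    return decisions

def accepted_per_host(decisions):
    """Count how many connections each source address got through."""
    counts = Counter()
    for src, verdict in decisions:
        if verdict == "accept":
            counts[src] += 1
    return dict(counts)

# Constructed sample: one heavy client opens 30 connections,
# then two light clients open 3 each.
SAMPLE = ["192.168.1.10"] * 30 + ["192.168.1.20"] * 3 + ["192.168.1.30"] * 3

if __name__ == "__main__":
    for prefix in (32, 24):
        # /32 gives every client its own budget; /24 shares one budget.
        print(f"limit=20,{prefix}:", accepted_per_host(syn_decisions(SAMPLE, 20, prefix)))
```

With a /32 netmask each client is counted on its own, while a shorter netmask such as /24 makes every client in that block share a single budget.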
The way I thought about that is one connection is probably with the DHCP (maybe or not), then 4 web pages are open at the same time. When they open the 5th page they would get denied by the router. I guess a better way is that they have 5 web pages open and the 6th counts as over the limit. I’m not sure if DHCP is considered a connection at this point.
Well, we’re using fixed IPs (did I write that in the first post?)
Either way, DHCP is not “on” full-time, just on DHCP-LEASE and DHCP-RENEW, but either way, it would be UDP (if I’m not utterly wrong) and connection limit can only be imposed on the (6) TCP protocol, as UDP is stateless.
I’ve already dropped most of the traffic I reached of P2P, but for some reason I keep having 1800+ connections just because of those bloody UDP streams…
Any idea on what to do to block Ares Galaxy? It seems to use Gnutella, but up to now, with 2.9.35, I haven’t been able to solve that little issue (I haven’t been in charge of the Mikrotik up until recently, either, so it’s not that much of a mortal sin, I think, hehe).