Please help me with connection-limit match: I need limit maximum
amount of PPTP server clients to 100, I use this chain:
/ip firewall filter add chain=input protocol=tcp dst-port=1723
tcp-flags=syn connection-limit=100,0 action=reject reject-with=tcp
reset
but this chain works as this one:
/ip firewall filter add chain=input protocol=tcp dst-port=1723
tcp-flags=syn connection-limit=100,32 action=reject reject-with=tcp
reset
So it sets the limit to 100 connections from ONE IP (100,32), not
from ENTIRE NETWORK (100,0).
I have 20 RB1000 with 3.16 and 3.21 firmware, it works as I need
(100,0) only on one RB1000 with 3.16. I’ve contacted my reseller,
but them can’t help me. Please help, we expecting big troubles with
RB1000 overload. We can have 250 and more sessions on each and I’d
like to limit them to 100, we use DNS balancing (round-robin), so
clients will automatically reconnect to other server if this one
rejects them.