I am trying to limit the amount of connections users can have open to stop the damage of P2P. I have seen bits on how to implement restrictions so only a small number of connections can be opened with ports over 1024. This is the current config I'm using, which is not working.
I'm trying to limit the amount of connections to 10 for anything over 1024 while limiting the total to 40.
Any help will be greatly appreciated!
I am using PPPoE to a RADIUS server for authentication.
/ip firewall filter
add action=add-src-to-address-list address-list="P2P Users" \
    address-list-timeout=12h chain=forward comment=\
    "Adding P2P Users to List " connection-mark=P2P_Conn disabled=no \
    src-address=200.100.200.1-200.100.200.200
add action=add-src-to-address-list address-list="P2P Users" \
    address-list-timeout=12h chain=forward comment="" connection-mark=\
    P2P_Conn disabled=no dst-address=200.100.200.1-200.100.200.200
add action=drop chain=forward comment=\
    "Drop user's outgoing connections over 40 for ports 1-65535 " \
    connection-limit=40,32 disabled=no protocol=tcp src-address-list=\
    "P2P Users" src-port=1-65535 tcp-flags=syn
add action=drop chain=forward comment="" connection-limit=10,32 disabled=no \
    dst-port=1025-65535 protocol=tcp src-address-list="P2P Users" tcp-flags=\
    syn
add action=drop chain=forward comment=\
    "Drop P2P user's incoming connections over 10 for ports 1025-65535 " \
    connection-limit=10,32 disabled=no dst-address-list="P2P Users" protocol=\
    tcp src-port=1025-65535 tcp-flags=syn
add action=drop chain=forward comment="" connection-limit=10,32 disabled=no \
    dst-address-list="P2P Users" dst-port=1025-65535 protocol=tcp tcp-flags=\
    syn
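
The policy described in the post (at most 10 open connections to ports over 1024, at most 40 in total, counted per address as the `,32` netmask in `connection-limit` implies), modelled as an added example that is not part of the original post and is not RouterOS's own matcher. The class and function names and the sample traffic are constructed for illustration; it is useful as a reference for what each new SYN should do when testing a rule set against the stated goal.

```python
import ipaddress
from collections import defaultdict

HIGH_PORT_START = 1025  # "anything over 1024", as in the post
HIGH_PORT_LIMIT = 10    # per-address cap on high-port connections (from the post)
TOTAL_LIMIT = 40        # per-address cap on all connections (from the post)
NETMASK = 32            # second value of connection-limit=N,32: one bucket per address


class ConnLimiter:
    """Hypothetical model of the stated policy, tracking open TCP connections."""

    def __init__(self, high_limit=HIGH_PORT_LIMIT, total_limit=TOTAL_LIMIT,
                 netmask=NETMASK):
        self.high_limit = high_limit
        self.total_limit = total_limit
        self.netmask = netmask
        self.open = defaultdict(list)  # bucket -> dst ports of open connections

    def _bucket(self, src):
        # Group sources by prefix; /32 means every address is counted alone.
        return ipaddress.ip_network(f"{src}/{self.netmask}", strict=False)

    def admit(self, src, dst_port):
        """Decide on a new TCP SYN; record the connection if it is admitted."""
        ports = self.open[self._bucket(src)]
        if len(ports) >= self.total_limit:
            return False  # total cap reached, any port
        high = sum(1 for p in ports if p >= HIGH_PORT_START)
        if dst_port >= HIGH_PORT_START and high >= self.high_limit:
            return False  # high-port cap reached
        ports.append(dst_port)
        return True

    def close(self, src, dst_port):
        """Forget one open connection so its slot becomes available again."""
        ports = self.open[self._bucket(src)]
        if dst_port in ports:
            ports.remove(dst_port)


def replay(limiter, events):
    """Replay (src, dst_port) SYN events; return the admit/drop decisions."""
    return [limiter.admit(src, port) for src, port in events]


if __name__ == "__main__":
    lim = ConnLimiter()
    user = "200.100.200.5"  # constructed sample address inside the post's range
    print(replay(lim, [(user, 6881 + i) for i in range(12)]))  # 10 admitted
    print(replay(lim, [(user, 80)] * 31).count(True))          # 30 more fit
```

Note that high-port connections count toward the total of 40 in this model, so a user holding 10 high-port connections has 30 slots left for ports 1024 and below.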