Connection Limiting

Hi,

I know this has been discussed a few times in the forums, but I can’t work out how to configure what I would like.

We have some CC routers which are advertising a few /23 blocks of IPs via BGP. Behind the routers are servers running various general services such as web, email, SSH, etc.

We have had a few issues recently caused by slow DoS attacks causing services to reach their maximum connection limits and not allowing any new connections.

What we’d like to do is limit each IP on the internet to have a maximum of 1000 concurrent connections to any one IP on our network.

/ip firewall filter add chain=forward connection-limit=1000,32 log=yes log-prefix=mp out-interface="ether1 - Network" protocol=tcp tcp-flags=syn

This would work fine if we were only hosting one IP address; however, we have several thousand, so this would limit a single internet IP from opening, say, 100 connections to 12 IPs on our network, which we don't want to restrict.

So... I'm looking for a way of limiting each internet IP to 1000 connections to any single IP on our network.

Any ideas/pointers would be most appreciated.

Thanks
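The following is an added illustration, not part of the original post or of RouterOS itself. It simulates the two counting schemes the post contrasts over a constructed connection table: the per-source-/32 counting that `connection-limit=1000,32` performs (every destination pooled under one source key), and the per-(source, destination) counting the poster is after. The addresses, the 100-connections-to-12-hosts client and the 1500-connection slow-DoS source are constructed sample data chosen to match the numbers in the post.

```python
from collections import defaultdict

# Constructed sample standing in for the connection-tracking table the
# forward-chain rule is evaluated against. Each entry is one established
# TCP connection as a (source IP, destination IP) pair.
#   203.0.113.10  legitimate client: 100 connections to each of 12 hosted IPs
#   198.51.100.7  slow-DoS source: 1500 connections to a single hosted IP
LIMIT = 1000  # the "1000" in connection-limit=1000,32


def build_sample_conntrack():
    conns = []
    for host in range(1, 13):
        conns += [("203.0.113.10", f"192.0.2.{host}")] * 100
    conns += [("198.51.100.7", "192.0.2.1")] * 1500
    return conns


def count_per_source(conns):
    """Keying used by connection-limit=<n>,32: one counter per source /32,
    regardless of which hosted IP the connections go to."""
    counts = defaultdict(int)
    for src, _dst in conns:
        counts[src] += 1
    return dict(counts)


def count_per_pair(conns):
    """Keying the poster wants: one counter per (source, destination) pair,
    so traffic spread across many hosted IPs is not pooled."""
    counts = defaultdict(int)
    for src, dst in conns:
        counts[(src, dst)] += 1
    return dict(counts)


def sources_over_limit(conns, limit=LIMIT):
    """Sources the per-source rule would start matching (and, with a drop
    action, blocking) for every new SYN to any hosted IP."""
    return {src: n for src, n in count_per_source(conns).items() if n > limit}


def pairs_over_limit(conns, limit=LIMIT):
    """(source, destination) pairs a per-pair limit would match."""
    return {pair: n for pair, n in count_per_pair(conns).items() if n > limit}


def new_syn_matched(conns, src, dst, per_pair, limit=LIMIT):
    """Would a fresh SYN from src to dst hit the limit rule under the chosen
    keying? True means the rule matches (i.e. the SYN would be logged/dropped)."""
    if per_pair:
        return count_per_pair(conns).get((src, dst), 0) >= limit
    return count_per_source(conns).get(src, 0) >= limit


if __name__ == "__main__":
    table = build_sample_conntrack()
    print("per-source (/32) over limit:", sources_over_limit(table))
    print("per-pair over limit:        ", pairs_over_limit(table))
    # The legitimate client is caught by the per-source rule but not per-pair.
    print("new SYN 203.0.113.10 -> 192.0.2.5, per-source:",
          new_syn_matched(table, "203.0.113.10", "192.0.2.5", per_pair=False))
    print("new SYN 203.0.113.10 -> 192.0.2.5, per-pair:  ",
          new_syn_matched(table, "203.0.113.10", "192.0.2.5", per_pair=True))
```

Run as-is, the per-source counting flags both sources (the legitimate client totals 1200 across 12 hosts), whereas per-pair counting flags only the 1500-connection source to 192.0.2.1, which is the distinction the post describes.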