I have been trying to learn everything I can to make my rb1100ah more resilient (if possible) and more stealthyish to DDoS.
I just learned about syn_cookies and have enabled them.
They moved it to ip/settings vs ip/firewall/connections/settings.
Anyway, I had these rules at the top of my firewall: do I NEED them if I am using SYN cookies? Do these rules make SYN cookies work less effectively?
I have read a lot about SYN cookies, and I think it only kicks in when things are flooding? So in that case, these rules are good?
(I have these on both the input and forward chains using a jump rule.)
add chain=BADTCP action=drop comment="TCP flags and Port 0 attacks" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add chain=BADTCP action=drop protocol=tcp tcp-flags=fin,syn
add chain=BADTCP action=drop protocol=tcp tcp-flags=fin,rst
add chain=BADTCP action=drop protocol=tcp tcp-flags=fin,!ack
add chain=BADTCP action=drop protocol=tcp tcp-flags=fin,urg
add chain=BADTCP action=drop protocol=tcp tcp-flags=syn,rst
add chain=BADTCP action=drop protocol=tcp tcp-flags=rst,urg
add chain=BADTCP action=drop protocol=tcp src-port=0
add chain=BADTCP action=drop dst-port=0 protocol=tcp
add chain=BADTCP action=drop protocol=udp src-port=0
add chain=BADTCP action=drop dst-port=0 protocol=udp
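
How the rule list above evaluates packets, as an added example that is not part of the original post: a small Python model of the matchers, assuming a tcp-flags list matches only when every listed flag is in the stated state (`!` meaning clear). The helper names and the sample packets are constructed for illustration.

```python
# Model of the BADTCP matchers (action and chain omitted; every rule drops).
# Assumption: all conditions in one rule must hold for the rule to match.
RULES = """\
protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
protocol=tcp tcp-flags=fin,syn
protocol=tcp tcp-flags=fin,rst
protocol=tcp tcp-flags=fin,!ack
protocol=tcp tcp-flags=fin,urg
protocol=tcp tcp-flags=syn,rst
protocol=tcp tcp-flags=rst,urg
protocol=tcp src-port=0
protocol=tcp dst-port=0
protocol=udp src-port=0
protocol=udp dst-port=0
""".splitlines()

def parse(rule):
    """Turn 'key=value key=value' matchers into a dict."""
    return dict(item.split("=", 1) for item in rule.split())

def rule_matches(rule, pkt):
    m = parse(rule)
    if m["protocol"] != pkt["protocol"]:
        return False
    for key in ("src-port", "dst-port"):
        if key in m and int(m[key]) != pkt.get(key):
            return False
    for flag in m.get("tcp-flags", "").split(","):
        if not flag:
            continue  # rule has no tcp-flags matcher
        want_set = not flag.startswith("!")
        if (flag.lstrip("!") in pkt.get("flags", set())) != want_set:
            return False
    return True

def first_drop(pkt):
    """Return the first rule that drops pkt, or None if it passes the chain."""
    return next((r for r in RULES if rule_matches(r, pkt)), None)

def tcp(*flags, sport=40000, dport=443):
    return {"protocol": "tcp", "flags": set(flags),
            "src-port": sport, "dst-port": dport}

# Constructed sample: the three packets of a normal TCP handshake.
HANDSHAKE = [tcp("syn"), tcp("syn", "ack"), tcp("ack")]
```

`first_drop` returns `None` for each packet in `HANDSHAKE`, so the chain acts on malformed flag combinations and port 0 rather than on the plain SYNs that SYN cookies deal with.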