hi guys

how i can set CSF Rules on mikrotik OS ?

Port Flood Protection. This option configures iptables to offer protection

from DOS attacks against specific ports. This option limits the number of

new connections per time interval that can be made to specific ports

This feature does not work on servers that do not have the iptables module

ipt_recent loaded. Typically, this will be with MONOLITHIC kernels. VPS

server admins should check with their VPS host provider that the iptables

module is included

For further information and syntax refer to the Port Flood Protection

section of the csf readme.txt

Note: Run /etc/csf/csftest.pl to check whether this option will function on

this server

PORTFLOOD = "21;tcp;5;300"

\

Connection Limit Protection. This option configures iptables to offer more

protection from DOS attacks against specific ports. It can also be used as a

way to simply limit resource usage by IP address to specific server services.

This option limits the number of concurrent new connections per IP address

that can be made to specific ports

This feature does not work on servers that do not have the iptables module

xt_connlimit loaded. Typically, this will be with MONOLITHIC kernels. VPS

server admins should check with their VPS host provider that the iptables

module is included

For further information and syntax refer to the Connection Limit Protection

section of the csf readme.txt

Note: Run /etc/csf/csftest.pl to check whether this option will function on

this server

CONNLIMIT = ""



i need set portflood and connectionlimit on anyport

when i set connectionlimit i have to set 30 port because i have 30 game server
how i set 2/3 rule that protection all any my game server port?

Read this https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
and this https://help.mikrotik.com/docs/display/ROS/Building+Your+First+Firewall

not use your posts
any one can help me?

If uou don’t want to do it yourself with help of the documentation you can try this page to find someone to do it for you:

https://mikrotik.com/consultants

This is the best service for you to use… made especially for Mikrotik
https://itexpertoncall.com/promotional/moab.html#prime

any idea for use?

Allow someone to hold your hand on this.

https://mikrotik.com/consultants

I gave you the link for the easiest and effective method… if you dont use, it continue to beat your head against the wall it costs us nothing.

Create address-list for IP addresses, that are allowed to access your router, drop everything else, log=yes might be added to log packets that hit the specific rule..

@anav, could you stop recommending that useless blacklist everywhere?
If atleast he had some MikroTik certification.. but self-proclaimed “experts” are meh, in my personal opinion.
Cheers.

Zeneva, why dont you put your money wear your mouth is and try it before you trash something.
Its a low cost effective service that relieves new users from making a mess of their configurations which often results from watching too many youtube videos and articles.
My aim is to help people believe it or not.

Well, help them, don’t send them to some useless blacklist “full of bad guys”, for $90 (ps: you add 9 more and you can buy 1x hAP ac³).
A blacklist doesn’t fix anything.
Cheers.

For the final and last time, put your money where your mouth is and try it for a month, it will cost you a cup of coffee and then you will be able to state definitely it is a waste of time, and guess what…
then you should also have evidence to back up your current view and if you don’t, then you can confirm either way. I wont gloat then either as stated just want decent outcome for the OP.

I’m assuming the DDOS is quite successful since we haven’t heard back from the OP.

Too funny!!