Guys, good night,
I’m no expert on Mikrotik. I have doubts about this:
Is there any way to detect / block traffic with very large packets? This is good security practice for the firewall, and I’m looking how to do this. Does anyone know how?
Best,
In firewall rules, for example, look for “packet size” (2nd tab). It can be one value (ex. 100) or a range of sizes (ex. 1000-1500).
Sent from my cell phone via Tapatalk. Sorry for the errors.
How would such packets get to you in the first place? If you block traffic up to your MTU size then you will break legitimate traffic.
I did this, it’s in the attached image. That’s right?
I created the same rule for both Input / Forward
In the action menu, I select drop
I want to prevent packets larger than 1500 bytes from overloading my network. I am not an provider, but I use hotspot for my internal clients on the local network.
So you’re saying “if it’s not between 0 and 1500 bytes”. It could have been also “1501-0” which means “from 1501 to larger”. Same sh.. different smell 
Sent from my cell phone via Tapatalk. Sorry for the errors.
Edit: R1CH may have missed the"!" which stands for “not”. So the rule means anything that’s not between 0-1500 bytes. So, your not breaking your network.
Sent from my cell phone via Tapatalk. Sorry for the errors.
I’m saying you’re creating a useless firewall rule. A packet cannot be larger than your MTU, and blocking packets below your MTU will break things.
Perhaps you’re confusing large packets with large pings?