Sorry, this is a duplicate of: http://forum.mikrotik.com/viewtopic.php?f=2&t=85134&e=0 and I am not sure how to delete it.
I am a new MikroTik owner but have some experience with Firewalls. I have been having a large DNS relay attack to the point where it takes down my internet connection. I turned off “Allow remote requests” to no avail. Then I tried a very simple firewall:
I did replace x.x.x.x/x with my LAN /24
/ip firewall address-list add address=x.x.x.x/x disabled=no list=support
/ip firewall filter add chain=input action=accept src-address-list=support comment="Full access to SUPPORT address list"
/ip firewall filter add chain=input action=drop comment="Drop anything else!"
But when I run torch with the port listing enabled I still see lots and lots of traffic to UDP port 53 on the destination matching my static IP with a source port out on the internet. So then I added this rule at the top:
/ip firewall filter add chain=input action=drop protocol=udp dst-port=53
I now see the counter going up for this new filter, and I am not seeing the traffic in torch. My question is why doesn’t the first set of rules drop the traffic?
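The following is an added example, not the poster's configuration or anything from the linked thread. It shows a complete RouterOS input chain in which inbound DNS from the internet-facing interface is refused explicitly, for TCP as well as UDP, ahead of the general LAN-accept and catch-all drop, together with the counter check used to confirm which rule is actually matching. The interface name ether1 and the subnet 192.168.88.0/24 are assumptions standing in for the poster's WAN port and LAN /24.

```routeros
# Assumed names (not from the post): ether1 is the internet-facing port,
# 192.168.88.0/24 stands in for the poster's LAN /24.

# The router must not act as a resolver for the outside world.
/ip dns
set allow-remote-requests=no

/ip firewall address-list
add address=192.168.88.0/24 list=support comment="LAN hosts allowed to reach the router"

/ip firewall filter
# 1. Refuse DNS aimed at the router itself from the WAN side before anything
#    else is evaluated. Router-originated lookups are unaffected: their replies
#    arrive with source port 53, not destination port 53.
add chain=input action=drop protocol=udp dst-port=53 in-interface=ether1 comment="Drop DNS queries from the internet (UDP)"
add chain=input action=drop protocol=tcp dst-port=53 in-interface=ether1 comment="Drop DNS queries from the internet (TCP)"

# 2. Allow replies to traffic the router started, drop packets with broken state.
add chain=input action=accept connection-state=established,related comment="Replies to router-originated traffic"
add chain=input action=drop connection-state=invalid comment="Drop invalid connection state"

# 3. Management access only from the LAN list, then drop the rest.
add chain=input action=accept src-address-list=support comment="Full access to SUPPORT address list"
add chain=input action=drop comment="Drop anything else!"

# Per-rule packet and byte counters show which rule each flow is hitting.
/ip firewall filter print stats
```

Rule order matters in the input chain: the first rule a packet matches decides its fate, so the explicit port-53 drops sit above everything else and their counters in `print stats` become a direct measure of how much unsolicited DNS the WAN side is receiving. Dropping (rather than rejecting) also means the router sends nothing back to the spoofed source addresses such traffic typically carries.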