I had a situation yesterday where I had to create a firewall rule to block particular traffic. I put a timeout of 10 minutes on it. The address lists were created correctly, and the rule worked. What I noticed, though, is that the dynamic address lists are still visible, even though the timeout is shown as 0s! Has anyone come across this?
Here is an example:
/ip firewall filter add chain=detect-ddos action=add-dst-to-address-list address-list=dynamic address-list-timeout=10m log=no log-prefix=""
ip firewall address-list print
# LIST ADDRESS TIMEOUT
10 D dynamic 97.80.182.89 0s
11 D dynamic 188.228.33.73 0s
12 D dynamic 5.145.78.207 0s
13 D dynamic 75.129.131.49 0s
The only option I have is to manually remove them, but I cannot do it in ranges! And because this was a kind of a DDoS attack, the firewall rules have created a lot of dynamic address lists:
ip firewall address-list print count-only
8882
So removing them manually is quite inefficient…
On that machine I’m running RouterOS 6.20.
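For anyone hitting the same problem, here is an added example (not from the original post) of a RouterOS script that removes every dynamic entry in a given address list in one go, instead of deleting entries one by one. It assumes the list name "dynamic" from the rule above; the counters are logged before and after so you can verify from /log that the cleanup actually did something.

```routeros
# Added example, not part of the original post.
# Bulk-remove dynamic (flag D) entries from one address list.
# Assumption: the list is called "dynamic", as in the rule quoted above.
:local listName "dynamic"

# Count dynamic entries before the cleanup, for the log.
:local before [/ip firewall address-list print count-only where list=$listName dynamic=yes]
:log info ("address-list '" . $listName . "': " . $before . " dynamic entries before cleanup")

# Remove all dynamic entries of that list at once; static entries are left alone.
/ip firewall address-list remove [find list=$listName dynamic=yes]

# Count again so a mismatch (entries re-added by the rule) is visible in the log.
:local after [/ip firewall address-list print count-only where list=$listName dynamic=yes]
:log info ("address-list '" . $listName . "': " . $after . " dynamic entries after cleanup")
```

One caveat: as long as traffic keeps matching the detect-ddos rule, it will keep re-adding addresses, so the count after the cleanup will not stay at zero until the attack subsides or the rule is disabled. Run the script from /system script or paste it into a terminal session on the router.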