Hi,
The firewall rule for connection limit sometimes stays at 0, but sometimes it increases very fast to kilos and megs.
is there a way to find what (ip or user) had hit the limit?
Many Thanks,
Duplicate the rule, change the action of the copy to add the IP to an address list, set passthrough to yes, and move the copy before whatever rule you have right now. Set the address list time out to some sensible value. That way the clients triggering the rule are added to the address list, which you can view in “/ip firewall address-list”.
Rule is working fine - thank you for you quick solution.