Firewall Help

Hello guys, I need a little help to set up a firewall. Here is the situation: I am using this firewall:
/ip firewall filter
add chain=input protocol=tcp connection-limit=100,32 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit
add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes
add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept comment="" disabled=no
add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop comment="" disabled=no
add action=accept chain=forward comment="allow established connections" connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" connection-state=related disabled=no
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid disabled=no
add action=jump chain=forward comment="jump to the virus chain" disabled=no jump-target=virus
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Virus" disabled=no dst-port=12667 protocol=udp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=accept chain=forward comment="Allow HTTP" disabled=no dst-port=80 protocol=tcp
add action=accept chain=forward comment="Authorised Mail" disabled=no dst-address-list="safe mailers" dst-port=25 protocol=tcp
add action=drop chain=forward comment="Unauthorised Mail " disabled=no dst-address-list="!safe mailers" dst-port=25 protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,24 disabled=no dst-port=25 limit=50,5 protocol=tcp
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" disabled=no dst-port=25 protocol=tcp src-address-list=spammer
add action=accept chain=forward comment="allow TCP" disabled=no protocol=tcp
add action=accept chain=forward comment="allow ping" disabled=no protocol=icmp
add action=accept chain=forward comment="allow udp" disabled=no protocol=udp
add action=accept chain=forward comment="VPN pptp (GRE)" disabled=no
add chain=input protocol=tcp dst-port=8291 connection-state=new action=accept comment="Allow WinBox "
add chain=input action=drop comment="Drop everything else"

And my problem is that my ISP is closing my internet connection due to flood protection. I searched for suspicious packets but I didn't find anything wrong. My ISP has an automatic script which closes my internet connection. What am I doing wrong? Please help.
The RouterBOARDs which I am using are RB450G.
Thanks.

Have you contacted your ISP to find out if that is in fact what is going on?

Yes, I contacted my ISP and they said that they don't have logs about the traffic and can't tell where it is from, but it looks like it is coming from my network and not from outside. The problem is that I don't see any strange traffic, and with the current firewall settings it is passing my routers. I would appreciate some help. Thanks.

Without much more specific details it’ll be hard to help you.

Right now I would suggest switching ISPs so that you partner with someone competent who can help you troubleshoot perceived issues with your connection.

Your ISP sounds nasty.

Telefonica (in Spain) are very helpful. If you send too many emails, they block port 25.

Yeah, they are a little nasty, but it looks like it is an ICMP or UDP flood. Can you tell me a firewall rule to stop these? It is coming from inside the network.

And I searched the forum for how to stop the ping of death but didn't find any information. Thanks.

You can try blocking icmp forwarding temporarily to see if that helps. Change the icmp forward rule to drop or reject rather than accept.

Now, I didn't stop the ICMP, but I made a rule to accept only 5 packets/sec, to see what happens.
Thanks for the help…
Later I will post the results…

This didn't help; the problem persists. The UDP packets remain. Now I can find a filter for UDP packets, thanks.

Read the wiki and learn how to construct firewall rules.

To drop all UDP, that's something like

/ip firewall filter
add chain=forward protocol=udp action=drop

Of course that’s a horrible idea so you’ll have to be more specific by port.
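
An added example, not part of any post in this thread: rather than dropping all UDP, these rules record which internal hosts exceed a packet rate, so the machine behind the flood can be identified first. The LAN subnet 192.168.88.0/24, the chain name detect-flood, the list name flood-suspects and the 100 packets/s threshold are assumptions to adjust for the actual network.

```routeros
/ip firewall filter
# These rules must sit above the "allow established", "allow udp" and
# "allow ping" accept rules in the forward chain, otherwise the packets
# are accepted before they are ever counted.

# Hand UDP and ICMP coming from the LAN (assumed 192.168.88.0/24) to a
# detection chain. No connection-state match: a flood to a single
# destination is one tracked connection with many packets.
add chain=forward protocol=udp src-address=192.168.88.0/24 \
    action=jump jump-target=detect-flood comment="count LAN UDP per source"
add chain=forward protocol=icmp src-address=192.168.88.0/24 \
    action=jump jump-target=detect-flood comment="count LAN ICMP per source"

# Per-source rate check: while a source stays under 100 packets/s
# (burst 100), return to the forward chain untouched. The per-source
# counter expires after 10s of inactivity.
add chain=detect-flood dst-limit=100,100,src-address/10s action=return \
    comment="under threshold, continue normal processing"

# Anything that reaches this rule exceeded the threshold: remember the
# source for one hour. Nothing is dropped yet, so legitimate high-rate
# UDP (VoIP, video, games) is only listed, not broken.
add chain=detect-flood action=add-src-to-address-list \
    address-list=flood-suspects address-list-timeout=1h \
    comment="record LAN hosts sending above threshold"

# Optional enforcement, left disabled until the list has been reviewed.
add chain=forward src-address-list=flood-suspects protocol=udp \
    action=drop disabled=yes comment="drop UDP from recorded flooders"

# Review what was recorded:
/ip firewall address-list print where list=flood-suspects
```

Once a host shows up in the list, the per-rule packet counters and that host's traffic show which destination port is involved, which is what a port-specific drop rule needs.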

Sounds like a Great Idea.

TCP only Internet. Bliss.