firewall rule question

Hi, I have the following rules:
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept comment="" disabled=no
/ip firewall filter add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop comment="" disabled=no

When there is excessive traffic the firewall drops packets, but this rule influences the other IPs of my class where there is no excessive traffic, for example other internet customers. How do I apply the rule for each IP individually without writing it 255 times?

Are you looking to narrow down the rule so it only applies to certain IP addresses and not everything?

/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=no src-address=192.168.0.0/24

That will narrow down the rule so it only applies to the 192.168.0.0/24 subnet. You can also use src-address-list and make a list of addresses/subnets you want the rule to apply to.

No, I want to limit, for example, 400 p/s for each IP from the /24 class, not 400 p/s for all of my class, and I want to do it without writing down the rule 254 times :P
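
The difference between one shared limit and a limit per address, as an added example that is not part of the original thread: a simplified integer token-bucket model (an assumption, not RouterOS's implementation) using the 400,5 values from the rules above. The two addresses and their packet rates are constructed sample traffic.

```python
from collections import defaultdict

RATE, BURST = 400, 5       # packets/s and burst, taken from limit=400,5 in the thread
SCALE = 1_000_000          # time in microseconds, tokens in millionths (integer math)
FLOODED, QUIET = "192.168.0.10", "192.168.0.20"   # constructed addresses in the /24

class TokenBucket:
    """Refills RATE tokens per second, stores at most BURST; one token per SYN."""
    def __init__(self):
        self.tokens, self.last = BURST * SCALE, 0

    def allow(self, now_us):
        gained = (now_us - self.last) * RATE
        self.tokens = min(BURST * SCALE, self.tokens + gained)
        self.last = now_us
        if self.tokens >= SCALE:
            self.tokens -= SCALE
            return True
        return False

def constructed_traffic():
    """One second of constructed SYNs: 2000/s to FLOODED, 10/s to QUIET."""
    events = [(i * 500, FLOODED) for i in range(2000)]
    events += [(50_200 + i * 100_000, QUIET) for i in range(10)]
    return sorted(events)

def simulate(per_address):
    """per_address=False: one counter for the whole chain, as in the posted rules.
    per_address=True: a separate counter is created for each address on first use."""
    shared = TokenBucket()
    buckets = defaultdict(TokenBucket)
    stats = defaultdict(lambda: {"accepted": 0, "dropped": 0})
    for now_us, addr in constructed_traffic():
        bucket = buckets[addr] if per_address else shared
        stats[addr]["accepted" if bucket.allow(now_us) else "dropped"] += 1
    return dict(stats)

if __name__ == "__main__":
    for mode in (False, True):
        print("per-address" if mode else "shared", simulate(mode))
```

With the shared counter the flood uses up every token and the quiet address loses all of its SYNs; with per-address counters only the flooded address is limited. RouterOS provides per-flow counting through its dst-limit matcher, which tracks each address separately instead of sharing one counter as limit does.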