I’m not sure if this is the correct section to post this in, but i couldn’t find a better one so here goes.
what i’m trying to accomplish is a system that will detect over use of port 25 say more than 5 connections a second and then add the IP to the block list i have somewhat made this work but what its doing is not desirable as it’s adding ips to the list outside or our network we want it to only add IPs to the list that are in our subnets
would this need to be scripted?
Your exact wording makes it a bit of trouble but its real easy to do similar things. Like add an ip that isn’t in an exclusion list to a ban list when it has more then 5 concurrent smtp connections.
You can also ban if in fifth smtp then add to fifth smtp if already in fourth on new tcp state and so on through adding to first smtp when not listed.
Let me know if you need further details. Right now I’m typing on an iPhone so it’s a bit combersom to give full details
Yes you may pm me if possible, i can also provide a skype name or otherwise if desirable in pm
You might want to have a look at this page:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
Various options that joshaven alluded to. If you pick the criteria (say NEW connections to port 25) then pick the limiting mechanism you can then choose “add to address list” as action when conditions are met. Just depends on details of goal.