Hi,
I’ve noticed that on our network upload on public IP is constantly high and up to the max. Bu using Torch I’ve noticed that all IPs with high Tx rate originate in China. By checking I don’t think that this traffic comes from our LAN network. There are couple of VPN tunnels on the router also. Do you have any idea how to see where does this traffic comes from (and block) or how to even manually block Chinese IPs. Thanks.
disable ip/dns/allow remote requests
On which port do they connect if it is UDP 53, be sure to block remote DNS requests
under IP->DNS->Allow remote request untick the box
or with firewall
/ip fire filter chain=input in-interface=WAN protocol=UDP dst-port=53 action=drop
Otherwise make a torch on LAN interface and see the connections
Yup, disabling remote DNS requests solved the issue. Thanks a lot guys, you are the best!