There are several devices on my network that are sending fragmented icmp packets to my router causing is to perform poorly. I know if I disabled connection tracking I wouldn’t have to worry about fragmented icmp packets, but how do I drop them with conntracking enabled?
in firewall “fragment=yes” will match fragmented packets.
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter#Properties
The manual says “If connection tracking is enabled there will be no fragments as system automatically assembles every packet”. I want to stop it from reassembling the fragmented icmp packets. Is this possible?