Limit the number of login attempts per minute - (L2TP VPN)

Limit the number of login attempts per minute (L2TP VPN) from the same address.


How?

/ip firewall filter
# "limit" matches while the rate is not exceeded: accept within it, drop the rest.
add chain=input action=accept protocol=udp src-address=youraddress dst-port=1701 limit=1/1m,1
add chain=input action=drop protocol=udp src-address=youraddress dst-port=1701

I haven't tried it, but I guess it could be done this way if you want 1 packet per minute.

But I did try it.

First: I want to limit login attempts per IP, that is, I must use "dst-limit" rather than "limit", because manually entering a "src-address" for several thousand clients is irrational.

Second: L2TP uses the same port and protocol, UDP 1701, both to establish and to maintain the tunnel, so there is no way to separate tunnel-establishment traffic from the transmission of useful data.


Any other thoughts?

Sorry, but I am not very familiar with L2TP.
So, if L2TP is using the same port, which is logical, then in the rule above you could add connection-state=new.
If there are thousands of clients you can then use connection-limit=6/32.

/ip firewall filter
# Rules are evaluated top to bottom: drop already-listed sources first.
add chain=input action=drop src-address-list=whatever
# "limit" matches while the rate is not exceeded, so accept those packets ...
add chain=input action=accept connection-state=new protocol=udp dst-port=1701 limit=15/1m,5
# ... and list the source of anything that spills over (connection-limit is "count,netmask").
add chain=input action=add-src-to-address-list address-list=whatever address-list-timeout=yourtime connection-state=new protocol=udp dst-port=1701 connection-limit=6,32
1. The problem is that for UDP the "new connection" state is not a "strict" concept; it depends on the connection-tracking parameters (udp-timeout, udp-stream-timeout).
Imagine the situation: the client's L2TP tunnel has dropped, and immediately his home router starts hammering, trying to connect 1-2 times per second. In this case the "UDP - new connection" rule does not work.

2. Why do you suggest "limit" and not "dst-limit"?

P.S. Sorry for my English (this is translate.google.com :))))
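As an added example (not posted by anyone in this thread), this is how the per-source variant with dst-limit that the question above asks for would look on RouterOS. It assumes plain L2TP on UDP/1701 without IPsec, and the list name "l2tp-bruteforce", the rate of 5 attempts per minute and the 10 minute blacklist time are illustrative choices, not values from the thread:

```routeros
# Added example: per-source rate limiting of L2TP connection attempts with dst-limit.
# Assumptions (not from the thread): plain L2TP on UDP/1701 (no IPsec), list name
# "l2tp-bruteforce", 5 attempts per minute per source, 10 minute blacklist.
/ip firewall filter
# 1. Sources already blacklisted are dropped outright.
add chain=input protocol=udp dst-port=1701 src-address-list=l2tp-bruteforce \
    action=drop comment="L2TP: blacklisted source"
# 2. Packets of tunnels that connection tracking already knows are data, not logins.
#    Caveat raised in the thread: a client that reconnects within udp-timeout from the
#    same source port is still "established" here and is therefore not counted below.
add chain=input protocol=udp dst-port=1701 connection-state=established,related \
    action=accept comment="L2TP: tracked tunnel traffic"
# 3. dst-limit keyed on src-address keeps one token bucket per source IP, so no
#    per-client src-address rules are needed: 5 new packets per minute, burst 5,
#    bucket expires after 1m idle. While a source is within its limit the rule
#    matches and the packet is accepted.
add chain=input protocol=udp dst-port=1701 connection-state=new \
    dst-limit=5/1m,5,src-address/1m action=accept \
    comment="L2TP: up to 5 new attempts per minute per source"
# 4. Anything that falls through rule 3 exceeded its rate: list the source for 10m.
#    add-src-to-address-list is a passthrough action, so the packet continues to rule 5.
add chain=input protocol=udp dst-port=1701 connection-state=new \
    action=add-src-to-address-list address-list=l2tp-bruteforce \
    address-list-timeout=10m comment="L2TP: source exceeded its rate"
# 5. ... and drop this packet too.
add chain=input protocol=udp dst-port=1701 connection-state=new action=drop \
    comment="L2TP: excess attempt"
```

The dst-limit bucket in rule 3 is what answers question 2: "limit" is a single counter for the whole rule, while "dst-limit" with mode src-address keeps a separate counter per source IP. Question 1 is not solved by it: a reconnect that connection tracking still treats as the same UDP flow passes rule 2 uncounted, and once a source is listed, rule 1 also drops the data packets of any tunnel it still has up for the 10 minutes of the timeout.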

I am just guessing, I have no way to try it.
Maybe someone with more experience could pop up :slight_smile:.