I have been proving this rule:
30 conexiones maximo por cliente salida:
chain=forward action=drop tcp-flags=syn protocol=tcp src-address= x.x.x.x/24 connection-limit=30,32
And it works only limiting the connections from our clients towards (web). I have a problem of connections that make the mikrotik saturate but it is from the web towards our clients, that is to say, putting this rule marking our ips with src-address we limit to 30 the connections of exit (we can see it in ip firewall connections selecting src-address) but nevertheless we do not control the connections of entry to our clients, if you see well putting one of our ip in ip firewall connections dst-address and your client uses programs peer to peer or torrent open more than 1000 connections what provoke saturations in the mikrotik. It is to say that this rule don´t work:
30 conexiones maximo por cliente de entrada:
chain=forward action=drop tcp-flags=syn protocol=tcp dst-address= x.x.x.x/24 connection-limit=30,32
We do not manage to be able to limit the number of connections that enter(approach) our clients already be for dst-address or for dst-port, only it works for src-address or src-port.
Has someone managed to limit the number of connections of entry to his clients of some form? Thank you