Should the return action be at the top or bottom of the filter rules?

Hi,

I have created the SYN/DoS/DDoS protection rules suggested by MikroTik.
Should they be on the top or on the bottom of the rules?

Thanks!
ddos-protection.png

Rules are processed in order of placement in the list, but also by chain.

So if the chains are intermingled, think of it as if they were squished together, but in the order it shows.

In your example, the top return rule would jump back to the original chain straight away. You want it to go through the rules first: if there's a hit, great, it is enacted; if not, then it hits the last rule in that chain, saying return to the chain we jumped from.

This also has to do with the ‘passthrough’ option, where if a rule gets hit you can say passthrough so do the action on this rule but keep processing this packet through the rest of the rules.
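The ordering behaviour described in the reply above, as an added example that is not part of the original thread and is not RouterOS code: a simplified Python model of top-to-bottom rule processing with jump, return and passthrough. The chain name `syn-protect`, the `syn_per_sec` field, its threshold and the sample packets are all constructed for illustration, and the return rule is modelled as unconditional.

```python
# Simplified model of ordered filter-rule processing with jump/return.
# Chain names, rule fields and sample packets are constructed assumptions.
TERMINAL = {"accept", "drop"}

def run_chain(chains, name, packet, trace):
    """Walk one chain top to bottom; return 'accept'/'drop', or None to
    hand the packet back to the chain that jumped here."""
    for index, rule in enumerate(chains[name]):
        if not rule["match"](packet):
            continue
        action = rule["action"]
        trace.append(f"{name}[{index}] {action}")
        if action in TERMINAL:
            return action
        if action == "return":
            return None
        if action == "jump":
            verdict = run_chain(chains, rule["target"], packet, trace)
            if verdict is not None:
                return verdict
        # 'passthrough', or a jump that came back, continues with the next rule
    return None  # end of chain reached: implicit return

def filter_packet(chains, packet):
    trace = []
    verdict = run_chain(chains, "input", packet, trace)
    return (verdict or "accept"), trace  # nothing decided: accepted by default

def build(return_first):
    any_packet = lambda p: True
    flood = lambda p: p["syn_per_sec"] > 100  # hypothetical threshold
    protect = [
        {"match": flood, "action": "passthrough"},  # acts, then keeps going
        {"match": flood, "action": "drop"},
    ]
    ret = {"match": any_packet, "action": "return"}
    protect = [ret] + protect if return_first else protect + [ret]
    jump = {"match": any_packet, "action": "jump", "target": "syn-protect"}
    allow = {"match": any_packet, "action": "accept"}
    return {"input": [jump, allow], "syn-protect": protect}

FLOOD_PACKET = {"syn_per_sec": 500}  # constructed sample
NORMAL_PACKET = {"syn_per_sec": 3}   # constructed sample

if __name__ == "__main__":
    for first in (True, False):
        print("return first:", first, filter_packet(build(first), FLOOD_PACKET))
```

With the return rule first, the trace shows the packet leaving the custom chain before either protection rule is evaluated; with it last, normal traffic still falls through to the return and is handled by the calling chain.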

What makes you think your router can handle a DDoS? Don't waste your time.
Simply put drop rules at the end of the input chain and forward chain and you are good to go.
If you must have open ports for servers attempt to ensure you have narrowed access down by source address or src-address-list.

Just for learning purposes.