Hello,
I just found an entry within a srcnat rule:
chain=srcnat action=src-nat to-addresses=176.18.1.15 connection-limit=!1000,32 routing-mark=r_src160 src-address=10.17.160.0/19
What will !1000,32 do? “1000,32” would make sense to me, but “!1000,32”?
mrz
This will match first 1000 connections per destination.
Now I'm confused. It seems I'm mixing up a NAT rule with a firewall rule, e.g.:
/ip firewall filter
add chain=forward protocol=tcp tcp-flags=syn connection-limit=100,32 action=drop comment="connection limit" disabled=no
This would be a connection limit for one single host, e.g. max 100 connections for every host IP (32 bits of netmask).
What would this NAT rule do?
chain=srcnat action=src-nat to-addresses=176.18.1.15 connection-limit=100,32 routing-mark=r_src160 src-address=10.17.160.0/19
What would be the rule, if that NAT rule shouldn't have any limitation? => “This will match all connections per destination.”
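
A small model of the connection-limit matcher discussed in this thread, added here as an example; it is not from any post and not RouterOS code. It assumes connections are counted per address block of the given netmask length, that the plain form matches once a block's count exceeds the limit, and that "!" inverts the result; which address of the connection is counted is left to the caller, and the limit is scaled down to 3 for the constructed sample.

```python
# Model of a connection-limit=[!]LIMIT,NETMASK matcher (added illustration, not RouterOS code).
# Assumptions: connections are counted per address block of NETMASK bits, the plain form
# matches once a block's count exceeds LIMIT, "!" inverts that, and connections never close.
import ipaddress
from collections import Counter


def parse_limit(spec):
    """Split a value such as '!1000,32' into (negated, limit, prefix_len)."""
    negated = spec.startswith("!")
    limit, prefix = spec.lstrip("!").split(",")
    return negated, int(limit), int(prefix)


def block_of(addr, prefix):
    """Address block that `addr` is counted under (a /32 block is a single host)."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def classify(addresses, spec):
    """For each new connection, in order, return True if the matcher hits."""
    negated, limit, prefix = parse_limit(spec)
    counts = Counter()
    hits = []
    for addr in addresses:
        block = block_of(addr, prefix)
        counts[block] += 1              # assumed: the count includes the new connection
        over = counts[block] > limit    # plain form: limit exceeded for this block
        hits.append(over != negated)    # "!" flips the result
    return hits


# Constructed sample: one host opens 5 connections, a second host opens 2.
SAMPLE = ["10.17.160.5"] * 5 + ["10.17.161.9"] * 2

if __name__ == "__main__":
    for spec in ("3,32", "!3,32", "3,19"):
        print(spec, classify(SAMPLE, spec))
```

Under these assumptions, a rule carrying the "!" form stops matching a block once its count passes the limit, so on a srcnat rule those further connections are not translated by that rule and fall through to whatever rule comes next.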