Translate rules: what do these rules mean?

Hi,
I have the following rules:
/ip firewall filter
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser

My questions are:

  1. If a source IP from my network to outside (internet) creates more than 32 connections per 10 seconds, it will be blocked and put in the ddoser IP address group, right?
  2. If a source IP from outside of my network (internet) creates more than 32 connections per 10 seconds to my destination IP (to my network), it will be blocked and put in the ddosed IP address group, right?
  3. I put my external and internal links into a bridge (because I want them to work in transparent mode), so do the above rules work fine for me in bridge mode?
  4. Why is the action jump, creating a dedicated firewall chain? What is the benefit of a dedicated firewall chain?

Thanks,

Yes, yes, no (a new connection has no meaning at layer 2), fewer rules to evaluate.

Hi,
What do you mean?
Do you mean that in bridge mode we cannot control new connection limitation?
And we can only control new connection and invalid and established connections?
Thanks,

At layer 2 you have no "connections", only "packets". So no, you cannot control new connections.

You need to activate "use ip firewall" in the bridge options.

Thanks all. It seems that when "use ip firewall" is enabled on the bridge, it passes connection state to the firewall and we can control it.
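The rule set from the first post, modelled in Python as an added example (not code from the thread or from MikroTik) to show how the jump, the `return`, the two address lists and the final drop interact. It assumes the documented `dst-limit` format `count[/time],burst,mode[/expire]`, so `32,32,src-and-dst-addresses/10s` is read here as 32 new connections per second with a burst of 32 per source/destination pair and idle flow entries expiring after 10 s; the token bucket is a simplified stand-in for the router's limiter, and all addresses and timings are constructed.

```python
# Simplified model of the detect-ddos chain; not RouterOS code.
RATE, BURST, EXPIRE, LIST_TIMEOUT = 32.0, 32.0, 10.0, 600.0  # assumed reading

class DetectDdos:
    def __init__(self):
        self.buckets = {}  # (src, dst) -> (tokens, last_seen)
        self.ddoser = {}   # src -> time the address-list entry expires
        self.ddosed = {}   # dst -> time the address-list entry expires

    def _within_limit(self, src, dst, now):
        tokens, last = self.buckets.get((src, dst), (BURST, now))
        if now - last > EXPIRE:  # idle flow entry expired: start fresh
            tokens, last = BURST, now
        tokens = min(BURST, tokens + (now - last) * RATE)
        ok = tokens >= 1.0
        self.buckets[(src, dst)] = (tokens - 1.0 if ok else tokens, now)
        return ok

    def new_connection(self, src, dst, now):
        """Verdict for one connection-state=new packet in the forward chain."""
        # jump -> detect-ddos: 'return' while the pair is under the limit,
        # otherwise fall through to both add-to-address-list rules.
        if not self._within_limit(src, dst, now):
            self.ddosed[dst] = now + LIST_TIMEOUT
            self.ddoser[src] = now + LIST_TIMEOUT
        # Back in forward: the drop rule matches only if BOTH lists match.
        listed = self.ddoser.get(src, 0) > now and self.ddosed.get(dst, 0) > now
        return "drop" if listed else "accept"

def replay(events):
    fw = DetectDdos()
    return [fw.new_connection(s, d, t) for (t, s, d) in events]

# Constructed sample: (time in seconds, source, destination).
FLOODER, VICTIM = "198.51.100.7", "192.0.2.10"
SAMPLE = [(0.0, FLOODER, VICTIM)] * 100 + [
    (1.0, "198.51.100.8", VICTIM),   # other client, same destination
    (1.0, FLOODER, "192.0.2.20"),    # listed source, unlisted destination
    (5.0, FLOODER, VICTIM),          # under the rate again, still listed
    (601.0, FLOODER, VICTIM),        # both list entries have timed out
]

if __name__ == "__main__":
    verdicts = replay(SAMPLE)
    print(verdicts.count("accept"), "accepted,", verdicts.count("drop"), "dropped")
```

Because the drop rule requires both lists to match, a listed source can still open connections to other destinations, and other clients can still reach the listed destination.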