Good day
I currently have unaccounted-for upload traffic on my MT. I do have a drop-all rule in place after the required accept rules.
Can anyone help? It seems to be coming from outside, and the abnormal traffic eventually causes PSN etc. to block access — sometimes even Netflix.
See firewall:
# Review notes are added as RouterOS '#' comment lines; rule text is untouched.
# A filter chain is evaluated top to bottom and the first accept/drop that
# matches ends processing for that packet, so rule ORDER is security-relevant.
# Three different WAN interface names appear below (ISP1-AFRIHOST-200/100-FIBRE,
# ether1-FIBRE-UP, ISP1-*removed*-200/100-FIBRE) -- confirm which one is live.
/ip firewall filter
# SYN-flood detection (input): connection-limit=30,32 = more than 30 concurrent
# TCP connections from a single /32 source; offenders are listed for 30m.
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
src-address-list=Syn_Flooder
# Port-scan detection (input): psd=21,3s,3,1 = weight threshold 21 within a 3s
# delay, low ports weighted 3, high ports weighted 1; offenders listed for 1w.
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
src-address-list=Port_Scanner
# ICMP to the router is handled in the dedicated ICMP chain defined further down.
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
# NOTE(review): this accepts UDP/53 from ANY source on ANY interface. The WAN
# drop for dst-port=53 udp near the bottom of this export is therefore never
# reached. If /ip dns allow-remote-requests is enabled, the router answers
# recursive queries from the internet, which is a common source of unexplained
# outbound ("upload") traffic. Consider adding in-interface=bridge (or
# in-interface=!<WAN>) here, or moving the WAN drop above this rule.
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
# Forward chain: only the ICMP jump, the bogon drop and the spammer drop are
# visible in this export. There is no connection-state=invalid drop and no
# default drop for new WAN->LAN connections here; the "drop anything else" and
# interface drop at the end are input-only. TODO confirm whether forward is
# covered elsewhere (e.g. /ip firewall raw), since traffic from LAN hosts that
# transits the router is governed by forward, not input.
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
# Same exposure as the UDP/53 accept above: TCP/53 is accepted from everywhere
# and shadows the (disabled) port-53 drops near the bottom.
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
# Stateful accepts. No connection-state=invalid drop is present in this export;
# one is normally placed next to these so invalid packets are not evaluated
# against the per-service accepts below.
add action=accept chain=input comment="Accept to established connections" \
connection-state=established
add action=accept chain=input comment="Accept to related connections" \
connection-state=related
# The 'support' address list is the management trust boundary: anything in it
# gets full access to the router on every interface. Keep its contents minimal.
add action=accept chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
add action=accept chain=input comment=\
"Accept all connections from local network" in-interface=bridge
# Comment says WinBox but matches dst-port=81, while the disabled WinBox block
# rule below uses 8291 -- confirm against /ip service winbox. This rule pins
# only src-address; the WebFig rule below also pins in-interface=bridge, which
# would be the consistent choice here as well.
add action=accept chain=input comment="Accept WinBox Access from Local" \
dst-port=81 protocol=tcp src-address=192.168.88.0/24
add action=accept chain=input comment="Accept WebFig Access from Local" \
dst-port=80 in-interface=bridge protocol=tcp src-address=192.168.88.0/24
# RADIUS ports are accepted with no source or interface restriction, so they
# are reachable from the WAN. If RADIUS is only used with known peers,
# restrict with src-address / src-address-list or in-interface.
add action=accept chain=input comment="Accept Radius UDP" dst-port=\
1700,1812,1813 protocol=udp
# ICMP chain shared by input, forward and output: allow echo reply, time
# exceeded, destination unreachable (codes 0-1) and fragmentation-needed
# (PMTUD); drop all other ICMP types.
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
protocol=icmp
# Unreachable: "Accept DNS - UDP" above already accepts dst-port=53 udp from all
# interfaces, so this WAN-side drop never matches in its current position.
# It needs to sit above that accept to have any effect.
add action=drop chain=input dst-port=53 in-interface=\
ISP1-AFRIHOST-200/100-FIBRE protocol=udp
# Disabled. Note it targets 8291 while the active WinBox accept above uses 81.
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
PORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp \
src-address-list=!support
# Comment/protocol mismatch: "Drop TCP Port 53" matches protocol=udp and
# "Drop UDP Port 53" matches protocol=tcp (swapped). Both are disabled, and
# both would be shadowed by the DNS accept rules above even if enabled.
# Interface name ether1-FIBRE-UP differs from the ISP1-... names used elsewhere.
add action=drop chain=input comment="Drop TCP Port 53" disabled=yes dst-port=\
53 in-interface=ether1-FIBRE-UP protocol=udp
add action=drop chain=input comment="Drop UDP Port 53" disabled=yes dst-port=\
53 in-interface=ether1-FIBRE-UP protocol=tcp
# The catch-all input drop is disabled=yes. The only active default drop is the
# interface-specific rule that follows.
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS \
RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
# Active fallback drop covers only this one interface; input arriving on any
# other interface that no rule above matched falls through to the chain's
# default (accept). Input drops also do not limit traffic the router itself
# originates (output) or forwards, so they cannot by themselves explain or
# stop unaccounted upload traffic.
add action=drop chain=input in-interface=ISP1-*removed*-200/100-FIBRE