Hello,
we have a cloudcore mikrotik and We have server behind the mikrotik with the local ip address 192.168.1.200 and with a open port 4122 on udp, We are receiving connection attempts of many IP address with empty packets on udp protocol, We have tryed with firewall rules, but seems that doesnot work, The firewall rules are:
/ip firewall filter
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser
and also:
add action=accept chain=input connection-limit=40,32 connection-state=new dst-port=4122 protocol=udp dst-address=192.168.1.200
Is there any rule wrong? please, Can you advise me other rules?
Thanks
Regards