I just found an entry within a srcnat rule:
chain=srcnat action=src-nat to-addresses=176.18.1.15 connection-limit=!1000,32 routing-mark=r_src160 src-address=10.17.160.0/19
What will !1000,32 do? "1000,32" would make sense to me, but "!1000,32"?
Now I'm confused. It seems I'm mixing NAT rule with firewall rule, e.g.:
This will match first 1000 connections per destination.
This would be a connection limit for one single host, e.g. max 100 connections for every host IP (32 bits of netmask).
/ip firewall
add chain=forward protocol=tcp tcp-flags=syn connection-limit=100,32 action=drop comment="connection limit" disabled=no
What would be the rule, if that NAT rule shouldn't have any limitation? => "This will match all connections per destination."
chain=srcnat action=src-nat to-addresses=176.18.1.15 connection-limit=100,32 routing-mark=r_src160 src-address=10.17.160.0/19