Hi,
I have the following rules:
/ip firewall filter
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser
My questions are:
1. If a source IP from my network to the outside (internet) creates more than 32 connections per 10 seconds, it will be blocked and put in the ddoser IP address group, right?
2. If a source IP from outside my network (internet) creates more than 32 connections per 10 seconds to a destination IP in my network, it will be blocked and put in the ddosed IP address group, right?
3. I put my external and internal links into a bridge (because I want them to work in transparent mode), so will the above rules work fine for me in bridge mode?
4. Why is the action jump, and why create a dedicated firewall chain? What is the benefit of a dedicated firewall chain?
Thanks,
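The script below is an added example and is not part of the original post or of RouterOS: it models the five rules above in Python so the jump/return flow and the two address lists can be traced on constructed traffic. It assumes a token-bucket approximation of dst-limit, parses the argument 32,32,src-and-dst-addresses/10s as count 32 per 1 s (the documented default interval), burst 32, expire 10 s, and uses made-up documentation-range addresses; the exact refill behaviour inside RouterOS is not reproduced.

```python
"""Model of the detect-ddos rule set (added example, not RouterOS code)."""


class DstLimit:
    """Token-bucket approximation of the RouterOS dst-limit matcher.

    One bucket per classifier key (here the src/dst address pair). A bucket
    that has not been seen for `expire` seconds is discarded, which mirrors
    the /10s suffix on the rule.
    """

    def __init__(self, count, interval, burst, expire):
        self.rate_per_s = count / interval   # 32 per 1s -> 32 tokens/s (assumed parse)
        self.burst = burst
        self.expire = expire
        self.buckets = {}                    # key -> (tokens, last_seen)

    def allow(self, key, now):
        tokens, last = self.buckets.get(key, (self.burst, now))
        if now - last > self.expire:         # stale record: start a fresh bucket
            tokens, last = self.burst, now
        tokens = min(self.burst, tokens + (now - last) * self.rate_per_s)
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return True                      # within limit -> rule matches -> return
        self.buckets[key] = (tokens, now)
        return False                         # limit exceeded -> fall to next rules


class Firewall:
    def __init__(self):
        self.limiter = DstLimit(count=32, interval=1.0, burst=32, expire=10.0)
        self.list_timeout = 600.0            # address-list-timeout=10m
        self.ddosed = {}                     # addr -> expiry time
        self.ddoser = {}

    def _listed(self, lst, addr, now):
        exp = lst.get(addr)
        return exp is not None and exp > now

    def detect_ddos(self, src, dst, now):
        """Chain detect-ddos: return early if within limit, else add both lists."""
        if self.limiter.allow((src, dst), now):
            return
        # add-*-to-address-list does not terminate the chain; both rules run,
        # then the chain ends and control returns to the forward chain.
        self.ddosed[dst] = now + self.list_timeout
        self.ddoser[src] = now + self.list_timeout

    def forward_new(self, src, dst, now):
        """Chain forward for a connection-state=new packet: 'accept' or 'drop'."""
        self.detect_ddos(src, dst, now)      # rule 1: jump; chain always returns
        # rule 5: drop only when src is in ddoser AND dst is in ddosed
        if self._listed(self.ddoser, src, now) and self._listed(self.ddosed, dst, now):
            return "drop"
        return "accept"                      # assumed implicit accept at chain end


def simulate(events):
    """Run (time, src, dst) events in order; return verdicts and the firewall."""
    fw = Firewall()
    verdicts = [fw.forward_new(src, dst, t) for t, src, dst in events]
    return verdicts, fw


if __name__ == "__main__":
    # Constructed traffic: an outside host opens 40 new connections at once
    # to one inside host, then other combinations are tried later.
    events = [(0.0, "203.0.113.5", "192.0.2.10")] * 40
    events += [
        (5.0, "198.51.100.7", "192.0.2.10"),   # other src, same dst
        (5.0, "203.0.113.5", "192.0.2.20"),    # listed src, other dst
        (5.0, "203.0.113.5", "192.0.2.10"),    # listed pair, bucket refilled
    ]
    # Inside host hammering one outside host: the key is the pair, direction-agnostic.
    events += [(20.0, "192.0.2.30", "203.0.113.99")] * 33
    verdicts, fw = simulate(events)
    for (t, s, d), v in zip(events, verdicts):
        print(f"t={t:5.1f} {s:>14} -> {d:<14} {v}")
    print("ddoser:", sorted(fw.ddoser), "ddosed:", sorted(fw.ddosed))
```

Running it shows the 33rd burst connection from 203.0.113.5 being dropped and both addresses landing in their lists, the same source being accepted towards an unlisted destination, the listed pair still dropped at t=5 although the limiter has refilled (the 10 m list timeout outlives the 10 s expire), and the inside host 192.0.2.30 ending up in ddoser after its own burst.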