Hi,
i have following rules :
/ip firewall filter
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser

my questions is :
1. if source ip from my network to outside (internet) create more than 32 connection per 10second will block and put in ddoser ip address group right?
2. if source ip from outside of my network (internet) create more than 32 connection per 10 seconds to my destion ip (to my network) will block and put in ddosed ip address group right?
3. i put my external and internal links to a bridge (because i want they work in transparent mode) so is above rules work fine for me in bridge mode ?
4. why action is jump and create dedicated firewall chain ? what is the benefit of dedicated firewall chain?
thanks,

.. my questions ..

Yes, yes, no (new connection has no meaning at layer2), less rules to evaluate

hi,
what do you mean?
your mean is in bridge mode we can not control new connection limitation?
and we can only control new connection and invalid an destablished connectios?
thanks,

..
your mean is in bridge mode we can not control new connection limitation? ..

At layer2 you have no "connections", only " packets " .? So no ..you can not control new connections

you need to activate use ip firewall on bridge options

thanks all it seems when enable use ip firewall in bridge it passes connection state to firewall and we can control it,