
translate rules, what do these rules mean?

Posted: Mon Nov 16, 2015 8:34 am
by blackmetal
Hi,
I have the following rules:
/ip firewall filter
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=ddosed src-address-list=ddoser

My questions are:
1. If a source IP from my network creates more than 32 connections per 10 seconds to the outside (internet), it will be blocked and put in the ddoser IP address group, right?
2. If a source IP from outside my network (internet) creates more than 32 connections per 10 seconds to a destination IP in my network, it will be blocked and put in the ddosed IP address group, right?
3. I put my external and internal links in a bridge (because I want them to work in transparent mode), so do the above rules work fine for me in bridge mode?
4. Why is the action jump, with a dedicated firewall chain? What is the benefit of a dedicated firewall chain?
thanks,
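To see what the posted rule set actually does, here is an added simulation of it in Python (not RouterOS code, and not something from the forum thread). One caveat the questions above gloss over: in RouterOS the dst-limit syntax is rate[/time],burst,mode[/expire], so in dst-limit=32,32,src-and-dst-addresses/10s the 10s is the idle expiry of a tracked flow, not the rate window; the rate interval is omitted and takes its default of one second, and flows are counted per (src, dst) pair, not per source alone. The token-bucket model, the helper names and the addresses used are assumptions made for the example.

```python
"""Constructed simulation of the posted detect-ddos rules (added example).

Rule order as posted:
  1. forward:     connection-state=new -> jump detect-ddos
  2. detect-ddos: dst-limit=32,32,src-and-dst-addresses/10s -> return
  3. detect-ddos: add dst to list 'ddosed' (10m)
  4. detect-ddos: add src to list 'ddoser' (10m)
  5. forward:     new, src in ddoser AND dst in ddosed -> drop

The per-flow token bucket below is an assumption about how the dst-limit
matcher behaves; the parameter values come from the posted rule.
"""

RATE = 32            # packets per RATE_INTERVAL (the '32' before the comma)
RATE_INTERVAL = 1.0  # seconds; dst-limit default when no /time is given
BURST = 32           # the second '32'
FLOW_EXPIRE = 10.0   # the '/10s': idle flows are forgotten after this
LIST_TIMEOUT = 600.0  # address-list-timeout=10m


class Firewall:
    def __init__(self):
        self.buckets = {}  # (src, dst) -> (tokens, last_seen)
        self.ddoser = {}   # src -> list entry expiry time
        self.ddosed = {}   # dst -> list entry expiry time

    @staticmethod
    def _listed(addr_list, addr, now):
        expiry = addr_list.get(addr)
        return expiry is not None and expiry > now

    def _dst_limit_matches(self, src, dst, now):
        """Rule 2: True while the (src, dst) flow is within its limit."""
        key = (src, dst)
        tokens, last = self.buckets.get(key, (BURST, now))
        if now - last > FLOW_EXPIRE:
            tokens, last = BURST, now  # flow expired, start a fresh bucket
        tokens = min(BURST, tokens + (now - last) * RATE / RATE_INTERVAL)
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return True
        self.buckets[key] = (tokens, now)
        return False

    def forward(self, now, src, dst, new=True):
        """Verdict ('accept' or 'drop') for one packet in chain=forward."""
        if not new:
            return "accept"  # rules 1 and 5 only look at new connections
        # rule 1 jumps; rule 2 returns when within limit, otherwise 3 and 4 run
        if not self._dst_limit_matches(src, dst, now):
            self.ddosed[dst] = now + LIST_TIMEOUT
            self.ddoser[src] = now + LIST_TIMEOUT
        # rule 5 is evaluated after the jump either way
        if self._listed(self.ddoser, src, now) and self._listed(self.ddosed, dst, now):
            return "drop"
        return "accept"


def scenario():
    """Constructed traffic; addresses are documentation-range placeholders."""
    fw = Firewall()
    out = {}
    # 33 new connections in the same second from A to B: burst of 32, then over limit
    verdicts = [fw.forward(0.0, "10.0.0.5", "203.0.113.9") for _ in range(33)]
    out["first_32_accepted"] = verdicts[:32].count("accept")
    out["33rd"] = verdicts[32]
    # seconds later the bucket has refilled, but both list entries still match rule 5
    out["same_pair_later"] = fw.forward(5.0, "10.0.0.5", "203.0.113.9")
    # listed src to an unlisted dst, and unlisted src to a listed dst: rule 5 needs both
    out["listed_src_other_dst"] = fw.forward(5.0, "10.0.0.5", "198.51.100.1")
    out["other_src_listed_dst"] = fw.forward(5.0, "10.0.0.6", "203.0.113.9")
    # collateral: 10.0.0.6 gets listed by overloading a different destination ...
    for _ in range(33):
        fw.forward(6.0, "10.0.0.6", "198.51.100.1")
    # ... and is then dropped towards 203.0.113.9, a pair that never exceeded the limit
    out["collateral_pair"] = fw.forward(7.0, "10.0.0.6", "203.0.113.9")
    # after address-list-timeout both entries are gone
    out["after_list_timeout"] = fw.forward(700.0, "10.0.0.5", "203.0.113.9")
    return out


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name}: {verdict}")
```

The simulation shows two things the rules themselves do not spell out: the limit is tracked per source/destination pair, and the drop rule matches any listed source against any listed destination, so a host that tripped the limit against one destination is also cut off from every other destination that some other host tripped it against, for the full 10-minute list timeout.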

Re: translate rules, what do these rules mean?

Posted: Mon Nov 16, 2015 10:08 pm
by bajodel
.. my questions ..
Yes, yes, no (a new connection has no meaning at layer 2), fewer rules to evaluate

Re: translate rules, what do these rules mean?

Posted: Tue Nov 17, 2015 8:36 pm
by blackmetal
Hi,
What do you mean?
Do you mean that in bridge mode we cannot control new connection limits?
And that we can only control new, invalid and established connections?
Thanks,

Re: translate rules, what do these rules mean?

Posted: Fri Nov 20, 2015 12:59 am
by bajodel
..
your mean is in bridge mode we can not control new connection limitation? ..
At layer 2 you have no "connections", only "packets". So no, you cannot control new connections.

Re: translate rules, what do these rules mean?

Posted: Fri Nov 20, 2015 2:34 am
by chechito
You need to activate "use ip firewall" in the bridge options.

Re: translate rules, what do these rules mean?

Posted: Sat Nov 21, 2015 7:55 am
by blackmetal
Thanks all. It seems that when "use ip firewall" is enabled on the bridge, it passes the connection state to the firewall and we can control it.