Fri Mar 13, 2009 6:43 pm
# Input-chain rules that blacklist, log and tarpit TCP sources holding many
# concurrent connections. chain=input only covers traffic addressed to the
# router itself; forwarded traffic is not matched by any rule here.
# NOTE(review): connection-limit presumably depends on connection tracking
# being enabled, and these rules only take effect if they sit ahead of any
# broader accept rule in the input chain — confirm both on the target router.
/ip firewall filter
# Rule 1: connection-limit=10,32 counts connections per single source address
# (/32 mask); a source over the limit of 10 is put on black_list for 1 day.
# No dst-port is given, so every TCP service on the router is counted.
# No trusted/management source is excluded, and clients behind one NAT address
# are counted as a single source — consider an allow-list ahead of this rule.
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=1d chain=input comment="Add ddos to adress list" \
connection-limit=10,32 disabled=no protocol=tcp
# Rule 2: logs traffic from blacklisted sources that are over 3 connections.
# The prefix says "DROPPED", but the rule that follows tarpits rather than
# drops; keep that in mind when searching or alerting on this log line.
# NOTE(review): no rate limit is set on this rule, so a flood may generate a
# log entry per matching packet — verify log volume under load.
add action=log chain=input comment="Log ddos" connection-limit=3,32 disabled=\
no log-prefix="FILTER, DDOS DROPPED:" protocol=tcp src-address-list=\
black_list
# Rule 3: tarpits the same traffic as rule 2 (blacklisted source, over 3
# connections). Blacklisted sources at or under that limit are not matched
# here and fall through to whatever rules follow.
add action=tarpit chain=input comment="Tarpit ddos" connection-limit=3,32 \
disabled=no protocol=tcp src-address-list=black_list
[toor@extreme] /ip firewall connection tracking> export
# mar/13/2009 17:42:47 by RouterOS 3.20
# software id = 4H1M-LTT
#
# Connection-tracking settings as exported from the router (RouterOS 3.20 per
# the export header). enabled=yes keeps the connection table active.
# NOTE(review): apart from tcp-syncookie=yes these timeouts look like the
# stock RouterOS values — confirm against the defaults of the running version
# before treating them as deliberate hardening.
# tcp-syn-sent/tcp-syn-received at 5s expire half-open handshakes quickly,
# while tcp-established-timeout=1d lets an idle established connection stay
# tracked for up to a day; presumably those entries still count toward any
# connection-limit matcher — verify.
# tcp-syncookie=yes presumably enables SYN cookies for the router's own TCP
# listeners under SYN-flood pressure — confirm in the version's documentation.
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
tcp-close-wait-timeout=10s tcp-established-timeout=1d \
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=yes \
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
[toor@extreme] /ip firewall connection tracking>