I'm wondering how to place DDoS attack filter rules when connection tracking is off on a MikroTik CCR-1036, as I'm using this router for routing only and the rest of my traffic is forwarded to a CGNAT CCR-1009.
Can anyone help with it?
Please see the link below for what I want to explain.
https://aacable.wordpress.com/2018/03/2 ... -mikrotik/
When connection tracking is off, RAW tab rules won't work
Please see the link below for what I want to explain.
https://aacable.wordpress.com/2018/03/2 ... -mikrotik/
Your link provides the correct information:
"When using Masquerade, RouterOS has to do full connection tracking recalculation on EACH interface connect/disconnect."
=> Use srcnat instead of masquerade to eliminate extra load on PPPoE (dis)connects.
THANKS, ISSUE RESOLVED. I completely removed NATting and the issue was resolved.
When connection tracking is off, RAW tab rules won't work
Raw works fine without connection tracking. Raw is applied before tracking (if enabled).
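
A stateless arrangement of the kind discussed in this thread, as an added example that is not from any poster: detection and drop both sit in the raw table, so nothing depends on connection tracking. The chain name, address-list names, thresholds and timeouts are assumptions to tune for your own traffic.

```routeros
# Added example; chain/list names, thresholds and timeouts are assumptions.
# Connection tracking stays off on the routing-only box, as in the thread.
/ip firewall connection tracking set enabled=no

/ip firewall raw
# 1. Drop pairs that are already flagged, before any further processing.
add chain=prerouting action=drop src-address-list=ddos-attackers \
    dst-address-list=ddos-targets comment="drop flagged src/dst pairs"
# 2. connection-state cannot match with tracking off, so the SYN flag is
#    used as the stateless stand-in for "new connection".
add chain=prerouting action=jump jump-target=detect-ddos protocol=tcp \
    tcp-flags=syn,!ack comment="inspect new TCP attempts"
# 3. Pairs that stay under the rate limit return untouched.
add chain=detect-ddos action=return \
    dst-limit=32,32,src-and-dst-addresses/10s
# 4. Anything above the limit is listed for 10 minutes and then caught by rule 1.
add chain=detect-ddos action=add-dst-to-address-list \
    address-list=ddos-targets address-list-timeout=10m
add chain=detect-ddos action=add-src-to-address-list \
    address-list=ddos-attackers address-list-timeout=10m
```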