hughrobbie
just joined
Topic Author
Posts: 10
Joined: Wed Apr 15, 2015 2:29 pm
Location: KZN

Outbound DDOS firewall rules

Thu Sep 23, 2021 9:05 am

Hi Guys,

I am getting lots of outbound Sightline reports of TCP and UDP attacks leaving our network. I would like to know if anyone has any firewall rules they can share that they have used to stop outward DDoS attacks. My plan is to put the firewall rules on each PPPoE concentration device, to prevent it even flowing through my internal network and reduce the damage to other ISPs.

Kind Regards
Hugh
 
hughrobbie
just joined
Topic Author
Posts: 10
Joined: Wed Apr 15, 2015 2:29 pm
Location: KZN

Re: Outbound DDOS firewall rules

Thu Sep 23, 2021 9:37 am

I saw this on the mikrotik help:
/ip firewall address-list
add list=ddos-attackers
add list=ddos-target
/ip firewall filter
# send every new forwarded connection through the detection chain; without this
# jump (it is part of the MikroTik help example) the chain is never evaluated
add action=jump chain=forward connection-state=new jump-target=detect-ddos
# below 32 new connections/s per src/dst pair (burst 32, counters expire after 10s): leave the chain
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
# above the limit: record both ends of the pair for 10 minutes
add action=add-dst-to-address-list address-list=ddos-target address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m chain=detect-ddos
/ip firewall raw
# drop only listed attacker -> listed target pairs, before connection tracking
add action=drop chain=prerouting dst-address-list=ddos-target src-address-list=ddos-attackers
will this help?
 
johnson73
Member Candidate
Posts: 172
Joined: Wed Feb 05, 2020 10:07 am

Re: Outbound DDOS firewall rules

Thu Sep 23, 2021 4:00 pm

Following the recommendations of the forum members, I use the following method. It works well.
/ip firewall filter
# every new forwarded connection is checked in the block-ddos chain
add action=jump chain=forward comment="Ddos protect" connection-state=new \
    jump-target=block-ddos
# below 32 new connections/s per src/dst pair (burst 42, counters expire after 10s): return to forward
add action=return chain=block-ddos dst-limit=32,42,src-and-dst-addresses/10s
# above the limit: list the source address for 10 minutes
add action=add-src-to-address-list address-list=ddoser address-list-timeout=10m \
    chain=block-ddos
/ip firewall raw
# everything from a listed source is dropped before connection tracking
add action=drop chain=prerouting dst-address-list=ddoser
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Outbound DDOS firewall rules

Thu Sep 23, 2021 6:49 pm

First of all, put anti-spoofing rules in place: check that the firewall verifies that the source IP of every incoming packet from your clients is one of your own addresses and not spoofed.
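The following is an added example (not posted by anyone in this thread and not MikroTik's own help text) of how the anti-spoofing check rextended asks for can be combined with the outbound detection rules discussed above on a PPPoE concentrator. It assumes the ISP's customer pools are 192.0.2.0/24 and 198.51.100.0/24 (RFC 5737 placeholder ranges, replace with your own allocations), that all customer sessions terminate on PPP interfaces so they can be matched with `in-interface=all-ppp`, and that the address-list names `our-prefixes` and `outbound-abuser` and the chain name `detect-outbound` are free to use.

```routeros
# Added example for a PPPoE concentrator, not from the original thread.
# Assumed: customer pools 192.0.2.0/24 and 198.51.100.0/24 (placeholders),
# customers arrive on PPP interfaces (in-interface=all-ppp).

/ip firewall address-list
add list=our-prefixes address=192.0.2.0/24 comment="customer pool A (placeholder)"
add list=our-prefixes address=198.51.100.0/24 comment="customer pool B (placeholder)"

/ip firewall raw
# 1. Anti-spoofing, in raw so it costs no connection tracking: a packet that
#    arrives from a customer session must carry one of our source addresses.
#    Anything else is dropped before it can reach the forward chain or another ISP.
add chain=prerouting in-interface=all-ppp src-address-list=!our-prefixes \
    action=drop log=yes log-prefix="SPOOF" comment="drop spoofed src from customers"
# 2. Quarantine: once a customer is listed below, drop everything it sends
#    for as long as the list entry lives (10 minutes).
add chain=prerouting in-interface=all-ppp src-address-list=outbound-abuser \
    action=drop comment="quarantined customers"

/ip firewall filter
# 3. Only customer-originated new connections leaving the network are inspected,
#    so inbound traffic toward customers never trips the detector.
add chain=forward in-interface=all-ppp connection-state=new \
    action=jump jump-target=detect-outbound comment="customer -> internet"
# Under 32 new connections/s per src/dst pair (burst 32, counters expire after
# 10s) the packet returns to forward untouched.
add chain=detect-outbound action=return \
    dst-limit=32,32,src-and-dst-addresses/10s
# Above that rate the customer's address is listed and the event is logged,
# which is what gives you an audit trail to match against the Sightline reports.
add chain=detect-outbound action=add-src-to-address-list \
    address-list=outbound-abuser address-list-timeout=10m \
    log=yes log-prefix="OUTBOUND-FLOOD" comment="list the offending customer"
```

Two caveats when adapting this: `dst-limit` in `src-and-dst-addresses` mode counts per source/destination pair, so a single customer spraying small amounts of traffic at many targets will not trip it (use the `src-address` mode for that case), and the rules above cover IPv4 only; if customers receive IPv6 prefixes the anti-spoofing rule needs an equivalent under `/ipv6 firewall raw`.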
