first, I find icmp packet len 64020 (6,4 MB) , in router,
is this (i think it is) DDOS attack ?!

than i decide to block every packet over 1500,
can this be problems for some normal traffic ?
becouse, i see some packet over 1500, but not much.

btw, we used PPPoE , with MTU/MRU 1492/1492, over wire and wireless.

i make rules for !0-1500 log and drop, but rules log and drop 1498 , 1486 ?!

is this bug ?

v3.6

are you sure it's ICMP? in support you wrote us that it's UDP ...

first i see traffic from 1 users (i think it is virus) to internet , and this are ICMP (upload) len 64020, (pic1) , he reinstall OS, and this traffic is gone.

than I block packages over 1500, after that, I see package over 1500 in log on 3-4 routers, and this are UDP (i think p2p) , from 1600-5000 leng. (some are in pic2)

and only 4-5 users have this traffic,
many users used p2p 100% of time on net , but never have this traffic (over 1500).

is it safe to block this packages with >1500 len , but with no effect on normal used of internet ?

you can't block them, because they will arrive in fragments

I wish to block only possible virus , ddos, etc...

and i make rule: all !0-1500 drop ...
and router is droping this packages, on pic2.

I wonder, is I block normal traffic to users ?
because , I do not wish to block normal traffic.

MT support tell me: You can block ICMP >1500 for sure, but don't recommend to do it for other traffic.

I wish to block only possible virus , ddos, etc...

and i make rule: all !0-1500 drop ...
and router is droping this packages, on pic2.

I wonder, is I block normal traffic to users ?
because , I do not wish to block normal traffic.

MT support tell me: You can block ICMP >1500 for sure, but don't recommend to do it for other traffic.

cross posting in support and forum is not a good idea, because you talk to the same person in two places.

I known,

but I think maybe some MT users have some idea for this.