Hello Guys , I need a litle help to setup a firewall , here is the situation , I using this firewall:
/ip firewall filter
add chain=input protocol=tcp connection-limit=100,32 \ action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit
add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes
add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5 connection-state=new action=accept comment="" disabled=no
add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop comment="" disabled=no
add action=accept chain=forward comment="allow established connections" \ connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \ connection-state=related disabled=no
add action=drop chain=forward comment="drop invalid connections" \ connection-state=invalid disabled=no
add action=jump chain=forward comment="jump to the virus chain" disabled=no \ jump-target=virus
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\ 135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \ dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\ 445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\ 445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 \ protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \ protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \ protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \ protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \ protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \ protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \ protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \ protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \ protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \ protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \ protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \ protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \ protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\ 2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\ 3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \ dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\ tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\ udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \ protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \ protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\ 9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\ 10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\ 10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \ protocol=tcp
add action=drop chain=virus comment="Drop Virus" disabled=no dst-port=12667 \ protocol=udp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \ protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\ 27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\ no dst-port=65506 protocol=tcp
add action=accept chain=forward comment="Allow HTTP" disabled=no dst-port=80 \ protocol=tcp
add action=accept chain=forward comment="Authorised Mail" disabled=no \ dst-address-list="safe mailers" dst-port=25 protocol=tcp
add action=drop chain=forward comment="Unauthorised Mail " disabled=no \ dst-address-list="!safe mailers" dst-port=25 protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=\ 1d chain=forward comment="Detect and add-list SMTP virus or spammers" \ connection-limit=30,24 disabled=no dst-port=25 limit=50,5 protocol=tcp
add action=drop chain=forward comment="BLOCK SPAMMERS OR INFECTED USERS" \ disabled=no dst-port=25 protocol=tcp src-address-list=spammer
add action=accept chain=forward comment="allow TCP" disabled=no protocol=tcp
add action=accept chain=forward comment="allow ping" disabled=no protocol=\ icmp
add action=accept chain=forward comment="allow udp" disabled=no protocol=udp
add action=accept chain=forward comment="VPN pptp (GRE)" disabled=no
add chain=input protocol=tcp dst-port=8291 connection-state=new action=accept comment="Allow WinBox "
add chain=input action=drop comment="Drop everything else"
And my problem is that my ISP is closing my internet connection due to flood protection , I searchd for suspicion pachets but I didnt find anything wrong , my ISP have an automatic script whitch close my internet connection , what am I doin wrong? Please Help .
The Routerboards whitch am I using are RB450G..
Thanks ..