Community discussions

 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

anti dos attack rule for forward

Mon Dec 30, 2013 6:28 pm

Hi

Ive been struggling to make a forward rule to stop a internal IP to dos attack a external IP

add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=forward connection-limit=100,32 protocol=\
    tcp tcp-flags=syn

this rule suck, it keeps on adding the src and dst to my address list, but I only want to add the src address to my address list, I don't care about the dst ip that is getting attack, can someone help me?

when changed to input the rule works like a charm
 
ditonet
Forum Veteran
Forum Veteran
Posts: 841
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: anti dos attack rule for forward

Mon Dec 30, 2013 6:53 pm

Add 'incoming' and 'outgoing' interfaces as conditions to rule.

HTH,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
Ehman
Member
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: anti dos attack rule for forward

Mon Dec 30, 2013 10:59 pm

Add 'incoming' and 'outgoing' interfaces as conditions to rule.

HTH,
I'm such a idiot sometimes :lol: ... .thx mate :D

Who is online

Users browsing this forum: No registered users and 76 guests