daived
just joined
Topic Author
Posts: 9
Joined: Fri Apr 05, 2013 2:51 pm

Block UDP traffic

Tue Jan 14, 2014 3:02 am

Hi guys, can somebody tell me how to block UDP traffic for all, but allow it only for local 192.168.1.0/24?
 
raz
Member Candidate
Posts: 102
Joined: Wed Dec 19, 2012 3:26 pm
Location: Austria

Re: Block UDP traffic

Tue Jan 14, 2014 8:11 am

/ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop
 
daived
just joined
Topic Author
Posts: 9
Joined: Fri Apr 05, 2013 2:51 pm

Re: Block UDP traffic

Tue Jan 14, 2014 7:01 pm

> /ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop
Do I not need to set the chain?
 
c0d3rSh3ll
Long time Member
Posts: 558
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Re: Block UDP traffic

Tue Jan 14, 2014 8:56 pm

> > /ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop
> Do I not need to set the chain?
Yes. You need chain forward

 
daived
just joined
Topic Author
Posts: 9
Joined: Fri Apr 05, 2013 2:51 pm

Re: Block UDP traffic

Tue Jan 14, 2014 9:27 pm

Maybe someone has some rules for anti UDP traffic DDoS?
 
raz
Member Candidate
Posts: 102
Joined: Wed Dec 19, 2012 3:26 pm
Location: Austria

Re: Block UDP traffic

Tue Jan 14, 2014 9:50 pm

Forgot the chain; it depends on how you're using your MT device. chain=forward does what you need.

It depends on what kind of DDoS you're receiving; your question sounds like UDP port 53 ;)
chain=forward dst-port=53 protocol=udp action=drop in-interface=etherx
Should do the job, if you have the /ip service nameserver running. If you're getting hit by this kind of DDoS it's a bit harder because your bandwidth doesn't fit the job; do this:
chain=forward src-port=53 protocol=udp action=drop in-interface=etherx src-address=!8.8.8.8
So you can still use the Google DNS 8.8.8.8.
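
Added example (not part of any post in this thread, and not RouterOS code): a small Python model of first-match evaluation for the three rules quoted above, run over constructed packets, to show which forwarded UDP traffic each ruleset drops. It assumes no earlier accept rule (for example for established connections) precedes them, that `etherx` is the WAN interface, and that the LAN interface name `bridge-lan` and the BIND host 192.168.1.10 are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    in_if: str
    proto: str = "udp"

# Each matcher mirrors one rule from the thread (all chain=forward, action=drop).
def local_only(p):   # src-address=!192.168.1.0/24 protocol=udp
    return p.proto == "udp" and ip_address(p.src) not in LAN

def dns_in(p):       # dst-port=53 protocol=udp in-interface=etherx
    return p.proto == "udp" and p.dport == 53 and p.in_if == "etherx"

def dns_replies(p):  # src-port=53 protocol=udp in-interface=etherx src-address=!8.8.8.8
    return (p.proto == "udp" and p.sport == 53 and p.in_if == "etherx"
            and p.src != "8.8.8.8")

RULESET_A = [local_only]            # the first answer's rule, with chain=forward
RULESET_B = [dns_in, dns_replies]   # the two port-53 rules

# Constructed packets. "bridge-lan", 192.168.1.10 (the BIND host) and the
# 198.51.100.x / 203.0.113.x addresses are assumptions for illustration.
SAMPLES = {
    "lan_query":     Packet("192.168.1.50", "8.8.8.8", 40000, 53, "bridge-lan"),
    "google_reply":  Packet("8.8.8.8", "192.168.1.50", 53, 40000, "etherx"),
    "reflected":     Packet("203.0.113.5", "192.168.1.50", 53, 40000, "etherx"),
    "query_to_bind": Packet("198.51.100.7", "192.168.1.10", 33000, 53, "etherx"),
}

def verdict(rules, p):
    """First matching rule drops; a packet matching no rule is accepted."""
    for rule in rules:
        if rule(p):
            return "drop:" + rule.__name__
    return "accept"

def evaluate(rules):
    return {name: verdict(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("A", RULESET_A), ("B", RULESET_B)):
        for name, v in evaluate(rules).items():
            print(f"ruleset {label}  {name:<14} {v}")
```

In this model ruleset A also drops the reply from 8.8.8.8 to a LAN client, because the rule matches on source address alone, while ruleset B keeps that reply but drops outside queries to the internal BIND host, which is the problem raised in the next post.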
 
daived
just joined
Topic Author
Posts: 9
Joined: Fri Apr 05, 2013 2:51 pm

Re: Block UDP traffic

Wed Jan 15, 2014 12:04 am

> Forgot the chain; it depends on how you're using your MT device. chain=forward does what you need.
>
> It depends on what kind of DDoS you're receiving; your question sounds like UDP port 53 ;)
> chain=forward dst-port=53 protocol=udp action=drop in-interface=etherx
> Should do the job, if you have the /ip service nameserver running. If you're getting hit by this kind of DDoS it's a bit harder because your bandwidth doesn't fit the job; do this:
> chain=forward src-port=53 protocol=udp action=drop in-interface=etherx src-address=!8.8.8.8
> So you can still use the Google DNS 8.8.8.8.
Big thanks! Yes, it's port 53, but I have a BIND server on my Linux server, so how can I stop the DDoS to port 53? If I block it, my domains don't work :(
 
soamz
Member
Posts: 429
Joined: Thu Mar 19, 2015 7:19 am

Re: Block UDP traffic

Sat Jul 30, 2016 11:41 am

I'm getting around 30% of my total traffic as UDP traffic, as I see in my NetFlow.

Is there anything to worry about?
