
Block UDP traffic

Posted: Tue Jan 14, 2014 3:02 am
by daived
Hi guys, can somebody tell me how to block UDP traffic for all, but allow it only for local 192.168.1.0/24?

Re: Block UDP traffic

Posted: Tue Jan 14, 2014 8:11 am
by raz
/ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop

Re: Block UDP traffic

Posted: Tue Jan 14, 2014 7:01 pm
by daived
/ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop
Do I not need to set the chain?

Re: Block UDP traffic

Posted: Tue Jan 14, 2014 8:56 pm
by c0d3rSh3ll
/ip firewall filter add src-address=!192.168.1.0/24  protocol=udp action=drop
Do I not need to set the chain?
Yes. You need chain forward


Re: Block UDP traffic

Posted: Tue Jan 14, 2014 9:27 pm
by daived
Maybe someone has some rules against UDP traffic DDoS?

Re: Block UDP traffic

Posted: Tue Jan 14, 2014 9:50 pm
by raz
Forgot the Chain, depends on how you're using your MT Device. chain=forward does what you need.

Depends on what kind of DDoS you're receiving, your Question sounds like UDP Port 53 ;)
chain=forward dst-port=53 protocol=udp action=drop in-interface=etherx
Should do the job, if you have the /ip service nameserver running. If you're getting hit by this kind of DDoS it's a bit harder because your bandwidth doesn't fit the job; do this:
chain=forward src-port=53 protocol=udp action=drop in-interface=etherx src-address=!8.8.8.8
So you can still use the Google DNS 8.8.8.8.

Re: Block UDP traffic

Posted: Wed Jan 15, 2014 12:04 am
by daived
Forgot the Chain, depends on how you're using your MT Device. chain=forward does what you need.

Depends on what kind of DDoS you're receiving, your Question sounds like UDP Port 53 ;)
chain=forward dst-port=53 protocol=udp action=drop in-interface=etherx
Should do the job, if you have the /ip service nameserver running. If you're getting hit by this kind of DDoS it's a bit harder because your bandwidth doesn't fit the job; do this:
chain=forward src-port=53 protocol=udp action=drop in-interface=etherx src-address=!8.8.8.8
So you can still use the Google DNS 8.8.8.8.
Big thanks! Yes, it's port 53, but I have a BIND server on my Linux server, so how can I stop DDoS to port 53? If I block it, my domains are not working :(
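
Added example, not part of the original thread: a small Python model of first-match rule evaluation applied to the rules quoted above, showing which packets each rule drops. The interface name ether1 (standing in for etherx), the sample addresses, and a chain that contains no other rules and accepts unmatched packets are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    in_if: str
    proto: str = "udp"

@dataclass
class Rule:
    action: str
    protocol: Optional[str] = None
    src_address: Optional[str] = None   # a leading "!" negates, as in the thread
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    in_interface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.src_address is not None:
            negate = self.src_address.startswith("!")
            net = ipaddress.ip_network(self.src_address.lstrip("!"))
            if (ipaddress.ip_address(p.src) in net) == negate:
                return False
        checks = [(self.protocol, p.proto), (self.src_port, p.sport),
                  (self.dst_port, p.dport), (self.in_interface, p.in_if)]
        return all(want is None or want == got for want, got in checks)

def verdict(rules, p):
    """First matching rule decides; an unmatched packet is accepted."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "accept"

# Forward-chain rules from the thread; "ether1" is an assumed name for "etherx".
LAN_ONLY = [Rule("drop", protocol="udp", src_address="!192.168.1.0/24")]
DNS_RULES = [
    Rule("drop", protocol="udp", dst_port=53, in_interface="ether1"),
    Rule("drop", protocol="udp", src_port=53, in_interface="ether1",
         src_address="!8.8.8.8"),
]

if __name__ == "__main__":
    # Constructed packet: outside client querying a DNS server behind the router.
    query = Packet("203.0.113.5", "192.168.1.2", 40000, 53, "ether1")
    print("inbound DNS query:", verdict(DNS_RULES, query))
```

With only the LAN rule in the chain, a UDP reply from an outside host to a LAN client is also dropped, because its source address is outside 192.168.1.0/24. The dst-port=53 rule drops every inbound query, which is why a DNS server hosted behind the router stops answering for its domains.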

Re: Block UDP traffic

Posted: Sat Jul 30, 2016 11:41 am
by soamz
I'm getting around 30% of my total traffic as UDP traffic as I see in my Netflow.

Is there anything to worry about?