Hi all! I am using an RB951Ui and, despite using what I think are strong firewall rules, I've had a lot of hacking activity on my router in the last few days. Can anyone please advise me
on strong firewall rules that I can apply on my router that make sense?
These are the firewall rules in my router:
2 - IP services: I disabled all ports except the Winbox port
3 - Mitigate the DDoS attack (the purpose of this rule is to limit the number of connections)
/ip firewall address-list
add list=ddos-attackers
add list=ddos-target
/ip firewall filter
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddos-target address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m chain=detect-ddos
4 - /ip firewall raw
add action=drop chain=prerouting dst-address-list=ddos-target src-address-list=ddos-attackers
5 - /ip firewall filter
add action=accept chain=input connection-state=established,related,untracked
add action=accept chain=input dst-address=127.0.0.1
add action=drop chain=input connection-state=invalid
add action=drop chain=input disabled=yes in-interface=!ether1
add action=drop chain=forward comment=\
"Drop incoming from internet which is not public IP" in-interface=ether1 \
log=yes log-prefix="! public" src-address-list=not_in_internet
6 - /ip firewall address-list
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
Please, any advice on changing or modifying these rules?
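As an added example (not the poster's config and not MikroTik's own script), here is a baseline that closes what the posted rules leave open: the posted input chain has no final drop and its only WAN drop is marked disabled=yes, and the detect-ddos chain is never entered because no rule jumps to it. It assumes ether1 is the WAN uplink, an interface named bridge carries the LAN 192.168.88.0/24, management happens only from the LAN, and the not_in_internet address list from the post already exists.

```routeros
# Added example, not the poster's config. Assumptions: ether1 = WAN,
# bridge = LAN (192.168.88.0/24), not_in_internet list already defined.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

# Management services: Winbox and SSH only from the LAN subnet, rest off.
/ip service
disable telnet,ftp,www,api,api-ssl
set winbox address=192.168.88.0/24
set ssh address=192.168.88.0/24

# Keep MAC-Winbox/MAC-Telnet and neighbor discovery off the WAN side.
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN
/ip neighbor discovery-settings set discover-interface-list=LAN

/ip firewall filter
# input chain: traffic addressed to the router itself
add chain=input action=accept connection-state=established,related,untracked
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp
add chain=input action=accept in-interface-list=LAN
# catch-all drop: anything not explicitly accepted above is denied and logged
add chain=input action=drop log=yes log-prefix="input-drop"

# forward chain: traffic through the router; every new flow enters detect-ddos
add chain=forward action=accept connection-state=established,related,untracked
add chain=forward action=drop connection-state=invalid
add chain=forward action=jump jump-target=detect-ddos connection-state=new
add chain=forward action=drop in-interface-list=WAN src-address-list=not_in_internet log=yes log-prefix="! public"
add chain=forward action=accept in-interface-list=LAN out-interface-list=WAN
add chain=forward action=drop in-interface-list=WAN connection-nat-state=!dstnat

# detect-ddos: same logic as in the post, now reachable through the jump above
add chain=detect-ddos action=return dst-limit=32,32,src-and-dst-addresses/10s
add chain=detect-ddos action=add-dst-to-address-list address-list=ddos-target address-list-timeout=10m
add chain=detect-ddos action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m

/ip firewall raw
add chain=prerouting action=drop src-address-list=ddos-attackers dst-address-list=ddos-target
```

After applying, check /log for the input-drop prefix to confirm that unsolicited WAN traffic to the router is being dropped rather than reaching Winbox.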