...
In RouterOS, we have to split DoS/DDoS protection into 2 parts: detection and processing.
DoS/DDoS Detection
First, we will send every new connection to the specific chain where we will detect DDoS:
| Code Block | ||
|---|---|---|
| ||
/ip/firewall/filter
add chain=forward connection-state=new action=jump jump-target=detect-ddos |
| Code Block | ||
|---|---|---|
| ||
/ip/firewall/filter
add chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s action=return
add chain=detect-ddos src-address=192.168.0.1 action=return |
| Code Block | ||
|---|---|---|
| ||