...

Configuration lines

Note

These rules only improve an existing firewall. Do not forget to properly secure your device: Building Your First Firewall.


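# Address lists that the detection chain fills in
/ip firewall address-list
add list=ddos-attackers
add list=ddos-target
/ip firewall filter
# Traffic within the limit (32 per second, burst 32, tracked per src/dst pair) leaves the chain
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
# Anything past the limit: record the destination and the source for 10 minutes
add action=add-dst-to-address-list address-list=ddos-target address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers address-list-timeout=10m chain=detect-ddos
/ip firewall raw
# Drop listed sources sending to listed destinations before connection tracking
add action=drop chain=prerouting dst-address-list=ddos-target src-address-list=ddos-attackers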
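
The Python sketch below is an added illustration, not part of the original page or of RouterOS. It models the rule set above as a token bucket per source/destination pair to show when a pair lands on the address lists and what the raw rule then drops. The class and function names and the sample addresses are assumptions, and it evaluates only new connections, which is a simplification of how dst-limit and the raw table behave.

```python
# Simplified model of the detect-ddos chain plus the raw drop rule (added example).
RATE, BURST = 32.0, 32.0   # dst-limit=32,32,... : 32 per second, burst of 32
LIST_TIMEOUT = 600.0       # address-list-timeout=10m, in seconds


class DetectDdos:
    def __init__(self):
        self.buckets = {}    # (src, dst) -> (tokens, time of last update)
        self.attackers = {}  # src -> expiry time (list ddos-attackers)
        self.targets = {}    # dst -> expiry time (list ddos-target)

    def raw_drop(self, src, dst, now):
        """Raw rule: src on ddos-attackers AND dst on ddos-target, checked independently."""
        return self.attackers.get(src, 0.0) > now and self.targets.get(dst, 0.0) > now

    def new_connection(self, src, dst, now):
        """Return 'drop', 'return' (within limit) or 'listed' (limit exceeded)."""
        if self.raw_drop(src, dst, now):
            return "drop"
        tokens, last = self.buckets.get((src, dst), (BURST, now))
        tokens = min(BURST, tokens + (now - last) * RATE)  # refill since last packet
        if tokens >= 1.0:
            self.buckets[(src, dst)] = (tokens - 1.0, now)
            return "return"                                # action=return
        self.buckets[(src, dst)] = (tokens, now)
        self.targets[dst] = now + LIST_TIMEOUT             # add-dst-to-address-list
        self.attackers[src] = now + LIST_TIMEOUT           # add-src-to-address-list
        return "listed"


def replay(events):
    """Feed (time, src, dst) tuples through a fresh model; return it with the verdicts."""
    fw = DetectDdos()
    return fw, [fw.new_connection(src, dst, t) for t, src, dst in events]


# Constructed sample: one source opening 40 connections in 40 ms (documentation addresses).
FLOOD = [(i * 0.001, "198.51.100.7", "203.0.113.10") for i in range(40)]

if __name__ == "__main__":
    fw, verdicts = replay(FLOOD)
    print({v: verdicts.count(v) for v in ("return", "listed", "drop")})
    # A different client to the same target is not dropped: only listed sources are.
    print(fw.new_connection("192.0.2.20", "203.0.113.10", 0.5))
```

Because the raw rule checks the two lists independently, a source listed for flooding one destination is also dropped toward any other destination that is on ddos-target at that moment.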

...

First, we will send every new connection to the specific firewall chain where we will detect DDoS:

...