Introduction

Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing the load on CPU. The tool is very useful for DsS/DDoS attack mitigation.

The RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7, etc.).
If a packet is marked to bypass the connection tracking packet de-fragmentation will not occur.

Chains

There are two predefined chains in RAW tables:

• prerouting - used to process any packet entering the router
• output - used to process packets originated from the router and leaving it through one of the interfaces. Packets passing through the router are not processed against the rules of the output chain

Packet flow diagrams illustrate how packets are processed in RouterOS.