XISP tips,news, & technology » firewall http://www.mtin.net/blog Technology relating to networking and the XISP world Wed, 08 Sep 2010 16:07:04 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Connection Limits on Mikrotik http://www.mtin.net/blog/2010/01/21/connection-limits-on-mikrotik/ http://www.mtin.net/blog/2010/01/21/connection-limits-on-mikrotik/#comments Thu, 21 Jan 2010 18:38:00 +0000 j2sw http://www.mtin.net/blog/?p=242 I recently had an instance where I had to re-visit adding connection limits to a CPE running lots of connections.  they were probably P2P. Here is the code we added:

/ip firewall filter
add chain=forward action=log tcp-flags =syn protocol=tcp connection-limit=100,32 log-prefix="CONN_LIMIT:" comment="connection limit" disabled=no
add chain=forward action=drop tcp-flags =syn protocol=tcp connection-limit=100,32 comment="connection limit" disabled=no

What this code does is this:
1.Limits the connections to 100 per IP.  You can always adjust this for your case

2.Logs the connections & Drops them.

On a side note this customer was dragging down the ap with the amount of connections so we added these rules at the CPE level. It would have done little good to add it on the router.

]]> http://www.mtin.net/blog/2010/01/21/connection-limits-on-mikrotik/feed/ 0