/ip firewall filter
add action=add-src-to-address-list address-list=block-ddos \
address-list-timeout=1d chain=input comment="=============================\
=====Inicio controle DDoS==============" connection-limit=32,32 \
disabled=no protocol=tcp
add action=tarpit chain=input connection-limit=3,32 disabled=no protocol=tcp \
src-address-list=block-ddos
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
new disabled=no jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new disabled=no limit=\
400,5 protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect comment=\
"=================Fin Control DDoS=============================" \
No hay comentarios.:
Publicar un comentario