add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp

This will log any ICMP up to 10 packets per second, not more - I don't think it's what you need.

2012/9/13 Jacob Heider <[email protected]>

> Soon, I will be installing a routerboard (probably a 2011) for a bank as
> their primary router/firewall. Based on a little light reading, I'm
> probably going to be using the following as a basic IPS configuration:
>
> /ip firewall filter
> add action=jump chain=input in-interface=ether1 jump-target=IPS
> [other input blocking rules]
> add action=jump chain=forward in-interface=ether1 jump-target=IPS
> add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp
> add action=log chain=IPS log-prefix=port_scan: protocol=tcp psd=10,3s,3,1
> add action=drop chain=IPS protocol=tcp psd=10,3s,3,1
> add action=tarpit chain=IPS protocol=tcp src-address-list=black_list
> add action=log chain=IPS connection-limit=10,32 log-prefix=blacklist:
> add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=IPS connection-limit=10,32
> add action=return chain=IPS
>
> Anyone tried to satisfy security requirements for a U.S. bank using MT's
> filtering rules? Any suggestions?
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
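
Added example (not part of the original thread, and not MikroTik code): a simplified token-bucket model of the limit=10,5 matcher, run over constructed traffic, to show the behaviour the reply describes, where a log rule carrying the limit matcher fires on in-rate pings and goes almost silent during a flood. The bucket arithmetic (10 packets per second, burst of 5) and the "return_then_log" ordering are assumptions made for illustration.

```python
class LimitMatcher:
    """Simplified token-bucket model of limit=rate,burst (integer math, time in ms)."""

    def __init__(self, rate_pps, burst):
        self.rate = rate_pps
        self.cap = burst * 1000        # credit is counted in milli-packets
        self.credit = self.cap         # assumption: the bucket starts full
        self.last_ms = 0

    def matches(self, now_ms):
        # Refill for the elapsed time, capped at the burst size.
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.credit >= 1000:
            self.credit -= 1000
            return True                # within the limit: the rule matches
        return False                   # over the limit: the rule is skipped


def logged_packets(arrivals_ms, order):
    """Return the arrival times (ms) of ICMP packets that reach a log action.

    order="log_on_limit":    the log rule itself carries the limit matcher,
                             as in the rule quoted in the thread.
    order="return_then_log": hypothetical alternative ordering; a limit rule
                             lets in-rate ICMP leave the chain and the next
                             rule logs whatever is left over.
    """
    matcher = LimitMatcher(rate_pps=10, burst=5)
    logged = []
    for t in arrivals_ms:
        within = matcher.matches(t)
        if order == "log_on_limit" and within:
            logged.append(t)
        elif order == "return_then_log" and not within:
            logged.append(t)
    return logged


# Constructed traffic: one ping per second for 5 s, then 1000 pings in 1 s.
NORMAL_MS = [0, 1000, 2000, 3000, 4000]
FLOOD_MS = list(range(10_000, 11_000))

if __name__ == "__main__":
    for order in ("log_on_limit", "return_then_log"):
        hits = logged_packets(NORMAL_MS + FLOOD_MS, order)
        normal = sum(1 for t in hits if t < 10_000)
        print(f"{order}: {normal}/5 normal pings logged, "
              f"{len(hits) - normal}/1000 flood pings logged")
```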

