Would the following be effective at limiting DNS traffic from IPs not in the 
DNS_Servers address list? 

/ip firewall mangle
add action=mark-packet chain=prerouting connection-limit=3,32 disabled=no \
    dst-port=53 new-packet-mark=Other_DNS passthrough=no protocol=tcp \
    src-address-list=!DNS_Servers
add action=mark-packet chain=prerouting connection-limit=3,32 disabled=no \
    dst-port=53 new-packet-mark=Other_DNS passthrough=no protocol=udp \
    src-address-list=!DNS_Servers
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 \
    max-limit=15k name=queue1 packet-mark=Other_DNS parent=global-in priority=8 \
    queue=default




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



