layer7-protocol=bittorrent That part right there.
Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Thu, Jan 20, 2011 at 3:20 PM, Robert Haas <[email protected]>wrote: > Is there any reason the following rules would cause 100% CPU usage? > > --- > > /ip firewall mangle > add action=mark-connection chain=prerouting comment="Peer to Peer - > Connection" disabled=no new-connection-mark=P2P_CON p2p=all-p2p > passthrough=yes protocol=tcp > add action=mark-connection chain=prerouting comment="BITTORRENT - LAYER 7 - > Connection" disabled=no layer7-protocol=bittorrent > new-connection-mark=P2P_CON \ > passthrough=yes > add action=add-src-to-address-list address-list=P2P_USERS > address-list-timeout=5m chain=prerouting comment="Peer to Peer - Add SRC to > Address List" \ > connection-mark=P2P_CON disabled=yes src-address=66.211.40.0/21 > > /ip firewall filter > add action=log chain=forward comment="Limit Peer to Peer Users" > connection-limit=40,32 connection-state=new disabled=yes > log-prefix=PEER_TO_PEER_CON_LIMIT \ > protocol=tcp src-address-list=P2P_USERS > add action=drop chain=forward comment="Limit Peer to Peer Users" > connection-limit=40,32 connection-state=new disabled=yes protocol=tcp > src-address-list=\ > P2P_USERS > > --- > > If I enable these rules the router goes to 100% CPU usage and begins puking > traffic. I've tried on two separate machines one running 5.0rc7 and another > running 4.16, both puked after a few minutes of heavy traffic. > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20110120/57e46242/attachment.html> _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
