Re: [Mikrotik] "IPS" lines for financial institutions

2012-09-13 Thread Jacob Heider
Hm. Ok. Odd. So, something more like:

add action=log chain=IPS log-prefix=port_scan: protocol=tcp psd=10,3s,3,1
add action=drop chain=IPS protocol=tcp psd=10,3s,3,1
add action=tarpit chain=IPS protocol=tcp src-address-list=black_list
add action=log chain=IPS connection-limit=10,32 log-prefix=bla

Re: [Mikrotik] "IPS" lines for financial institutions

2012-09-13 Thread Chupaka
add action=log chain=IPS limit=10,5 log-prefix=ping_flood: protocol=icmp

This will log any ICMP up to 10 packets per second, not more - I don't think it's what you need.

2012/9/13 Jacob Heider
> Soon, I will be installing a routerboard (probably a 2011) for a bank as
> their primary router/fir

[Mikrotik] "IPS" lines for financial institutions

2012-09-13 Thread Jacob Heider
Soon, I will be installing a routerboard (probably a 2011) for a bank as their primary router/firewall. Based on a little light reading, I'm probably going to be using the following as a basic IPS configuration:

/ip firewall filter
add action=jump chain=input in-interface=ether1 jump-target=IPS