Sometimes, when you run Torch on an interface, it shows a huge amount of SMTP traffic. If bogus connections are being made over the SMTP protocol, you can use the following rules to find the hosts in your network that are responsible:
/ip firewall filter
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=forward comment="spam 25 port listing rules" connection-limit=\
60,32 dst-port=25 protocol=tcp
add action=drop chain=forward comment="spammer's mail deny" dst-port=25 \
protocol=tcp src-address-list=spammer
Or
/ip firewall filter
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=forward comment="25 port listing rules" connection-limit=60,32 \
dst-port=25 limit=60,5 protocol=tcp
add action=drop chain=forward comment="spammer's mail" dst-port=25 protocol=\
tcp src-address-list=spammer
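
As an added illustration (not part of the original post), this Python sketch models what the first rule pair does over a constructed connection snapshot: it counts open TCP/25 connections per source host, lists any host above 60 for one day, and drops that host's port 25 traffic while it is listed. It assumes connection-limit=60,32 matches once a single host has more than 60 connections; the function names and sample addresses are made up for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

LIMIT = 60                         # connection-limit=60,32 (per single host, /32)
LIST_TIMEOUT = timedelta(days=1)   # address-list-timeout=1d


def find_spammers(conns, now, limit=LIMIT):
    """conns: (src_ip, dst_ip, dst_port, proto) tuples for currently open connections.
    Returns {src_ip: expiry} for hosts with more than `limit` open TCP/25 connections
    (assumed matcher behaviour, mirroring the add-src-to-address-list rule)."""
    counts = Counter(src for src, _dst, port, proto in conns
                     if proto == "tcp" and port == 25)
    return {src: now + LIST_TIMEOUT for src, n in counts.items() if n > limit}


def forward_verdict(src, dst_port, proto, address_list, now):
    """Mirrors the drop rule: TCP/25 from a listed source is dropped until the entry expires."""
    expiry = address_list.get(src)
    listed = expiry is not None and now < expiry
    return "drop" if listed and proto == "tcp" and dst_port == 25 else "accept"


def sample_connections():
    """Constructed snapshot: one host with 75 SMTP sessions, one with 3,
    one with exactly 60, and one busy HTTPS client that never touches port 25."""
    conns = [("192.168.88.50", f"203.0.113.{i % 200 + 1}", 25, "tcp") for i in range(75)]
    conns += [("192.168.88.10", "198.51.100.7", 25, "tcp")] * 3
    conns += [("192.168.88.30", "198.51.100.8", 25, "tcp")] * 60
    conns += [("192.168.88.20", "198.51.100.9", 443, "tcp")] * 200
    return conns


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)   # constructed timestamp
    spammers = find_spammers(sample_connections(), now)
    for src, expiry in spammers.items():
        print(f"{src} listed as spammer until {expiry}")
    for src, port in [("192.168.88.50", 25), ("192.168.88.50", 443), ("192.168.88.10", 25)]:
        print(src, port, forward_verdict(src, port, "tcp", spammers, now))
```

A host that legitimately holds many SMTP sessions at once, such as an internal mail relay, would be listed by the same logic, so check the contents of the spammer list before relying on the drop rule.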