Manual:IP/Firewall/Raw: Difference between revisions
Jump to navigation
Jump to search
Created page with "==Summary== <p id="shbox"><b>Sub-menu:</b> <code>/ip firewall raw</code></p> <br /> <p> Firewall RAW table allows to selectively bypass or drop packets before connection trac..." |
|||
| Line 5: | Line 5: | ||
<p> | <p> | ||
Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation. | Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation. | ||
</p> | |||
RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.). | <p>RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.). <br /> | ||
If packet is marked to bypass connection tracking packet de-fragmentation will not occur. | If packet is marked to bypass connection tracking packet de-fragmentation will not occur. | ||
</p> | </p> | ||
Revision as of 16:42, 22 July 2016
Summary
Sub-menu: /ip firewall raw
Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation.
RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.).
If packet is marked to bypass connection tracking packet de-fragmentation will not occur.