Manual:IP/Firewall/Raw: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
(Created page with "==Summary== <p id="shbox"><b>Sub-menu:</b> <code>/ip firewall raw</code></p> <br /> <p> Firewall RAW table allows to selectively bypass or drop packets before connection trac...")
 
Line 5: Line 5:
<p>
<p>
Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation.
Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation.
</p>


RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.).
<p>RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.). <br />
If packet is marked to bypass connection tracking packet de-fragmentation will not occur.
If packet is marked to bypass connection tracking packet de-fragmentation will not occur.
</p>
</p>

Revision as of 14:42, 22 July 2016

Summary

Sub-menu: /ip firewall raw


Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation.

RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.).
If packet is marked to bypass connection tracking packet de-fragmentation will not occur.