Manual:IP/Firewall/Raw

From MikroTik Wiki
< Manual:IP‎ | Firewall
Revision as of 17:41, 22 July 2016 by Marisb (talk | contribs) (Created page with "==Summary== <p id="shbox"><b>Sub-menu:</b> <code>/ip firewall raw</code></p> <br /> <p> Firewall RAW table allows to selectively bypass or drop packets before connection trac...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Summary

Sub-menu: /ip firewall raw


Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation. RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.). If packet is marked to bypass connection tracking packet de-fragmentation will not occur.