From MikroTik Wiki
Jump to navigation Jump to search


Sub-menu: /ip firewall raw

Firewall RAW table allows to selectively bypass or drop packets before connection tracking that way significantly reducing load on CPU. Tool is very useful for DOS attack mitigation.

RAW table does not have matchers that depend on connection tracking ( like connection-state, layer7 etc.).
If packet is marked to bypass connection tracking packet de-fragmentation will not occur.