AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
201
RouterOS v3 Configuration and User Guide
unicast
- IP addresses used for one point to another point transmission. There is only one sender and
one receiver in this case
local
- matches addresses assigned to router's interfaces
broadcast
- the IP packet is sent from one point to all other points in the IP subnetwork
multicast
- this type of IP addressing is responsible for transmission from one or more points to a set of
other points
dst-limit
(
integer
/
time
{0,1},
integer
,dst-address | dst-port | src-a},
time
{0,1}) - limits the packet per
second (pps) rate on a per destination IP or per destination port base. As opposed to the
limit
match,
every destination IP address / destination port has it's own limit. The options are as follows (in order of
appearance):
count
- maximum average packet rate, measured in packets per second (pps), unless followed by
time
option
time
- specifies the time interval over which the packet rate is measured
burst
- number of packets to match in a burst
mode
- the classifier(-s) for packet rate limiting
expire
- specifies interval after which recorded IP addresses / ports will be deleted
dst-port
(
integer
: 0..65535-
integer
: 0..65535{*}) - destination port number or range
fragment
(yes | no) - whether the packet is a fragment of an IP packet. Starting packet (i.e., first
fragment) does not count. Note that is the connection tracking is enabled, there will be no fragments as
the system automatically assembles every packet
hotspot
(
multiple choice:
auth | from-client | http | local-dst | to-client) - matches packets received from
clients against various HotSpot conditions. All values can be negated
auth
- true, if a packet comes from an authenticted HotSpotclient
from-client
- true, if a packet comes from any HotSpot client
http
- true, if a HotSpot client sends a packet to the address and port previously detected as his proxy
server (Universal Proxy technique) or if the destination port is 80 and transparent proxying is enabled for
that particular client
local-dst
- true, if a packet has local destination IP address
to-client
- true, if a packet is sent to a client
icmp-options
(
integer
:
integer
) - matches ICMP Type:Code fields
in-bridge-port
(
name
) - actual interface the packet has entered the router through (if bridged, this
property matches the actual bridge port, while
in-interface
- the bridge itself)
in-interface
(
name
) - interface the packet has entered the router through (if the interface is bridged,
then the packet will appear to come from the bridge interface itself)
ingress-priority
(
integer
: 0..63) - INGRESS (received) priority of the packet, if set (
0
otherwise). The
priority may be derived from either VLAN or WMM priority
ipv4-options
(any | loose-source-routing | no-record-route | no-router-alert | no-source-routing | no-
timestamp | none | record-route | router-alert | strict-source-routing | timestamp) - match ipv4 header
options
any
- match packet with at least one of the ipv4 options
loose-source-routing
- match packets with loose source routing option. This option is used to route
the internet datagram based on information supplied by the source
no-record-route
- match packets with no record route option. This option is used to route the
internet datagram based on information supplied by the source
no-router-alert
- match packets with no router alter option
no-source-routing
- match packets with no source routing option
no-timestamp
- match packets with no timestamp option
record-route
- match packets with record route option
router-alert
- match packets with router alter option
strict-source-routing
- match packets with strict source routing option
timestamp
- match packets with timestamp
jump-target
(forward | input | output |
name
) - name of the target chain to jump to, if the
action=jump
is used
layer7-protocol
(
name
) - Layer 7 filter name as set in the
/ip firewall layer7-protocol
menu. Caution:
this matcher needs high computational power
limit
(
integer
/
time
{0,1},
integer
) - restricts packet match rate to a given limit. Usefull to reduce the amount
of log messages
count
- maximum average packet rate, measured in packets per second (pps), unless followed by
time
option