202
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
RouterOS v3 Configuration and User Guide
time
- specifies the time interval over which the packet rate is measured
burst
- number of packets to match in a burst
log-prefix
(
text
) - all messages written to logs will contain the prefix specified herein. Used in
conjunction with
action=log
nth
(
integer
,
integer
: 0..15,
integer
{0,1}) - match a particular Nth packet received by the rule. One of 16
available counters can be used to count packets
every
- match every
every+1
th packet. For example, if
every=1
then the rule matches every 2nd
packet
counter
- specifies which counter to use. A counter increments each time the rule containing
nth
match
matches
packet
- match on the given packet number. The value by obvious reasons must be between
0
and
every
. If this option is used for a given counter, then there must be at least
every+1
rules with this
option, covering all values between
0
and
every
inclusively.
out-bridge-port
(
name
) - actual interface the packet is leaving the router through (if bridged, this
property matches the actual bridge port, while
out-interface
- the bridge itself)
out-interface
(
name
) - interface the packet is leaving the router through (if the interface is bridged, then
the packet will appear to leave through the bridge interface itself)
p2p
(all-p2p | bit-torrent | blubster | direct-connect | edonkey | fasttrack | gnutella | soulseek | warez |
winmx) - matches packets from various peer-to-peer (P2P) protocols
packet-mark
(
text
) - matches packets marked via mangle facility with particular packet mark
packet-size
(
integer
: 0..65535-
integer
: 0..65535{0,1}) - matches packet of the specified size or size range
in bytes
min
- specifies lower boundary of the size range or a standalone value
max
- specifies upper boundary of the size range
port
(
port
{0-16}) - matches if any (source or destination) port matches the specified list of ports or port
ranges (note that the
protocol
must still be selected, just like for the regular
src-port
and
dst-port
matchers)
protocol
(ddp | egp | encap | ggp | gre | hmp | icmp | idrp-cmtp | igmp | ipencap | ipip | ipsec-ah | ipsec-
esp | iso-tp4 | ospf | pup | rdp | rspf | st | tcp | udp | vmtp | xns-idp | xtp |
integer
) - matches particular IP
protocol specified by protocol name or number. You should specify this setting if you want to specify
ports
psd
(
integer
,
time
,
integer
,
integer
) - attempts to detect TCP and UDP scans. It is advised to assign lower
weight to ports with high numbers to reduce the frequency of false positives, such as from passive mode
FTP transfers
WeightThreshold
- total weight of the latest TCP/UDP packets with different destination ports coming
from the same host to be treated as port scan sequence
DelayThreshold
- delay for the packets with different destination ports coming from the same host to
be treated as possible port scan subsequence
LowPortWeight
- weight of the packets with privileged (<=1024) destination port
HighPortWeight
- weight of the packet with non-priviliged destination port
random
(
integer
: 1..99) - matches packets randomly with given propability
reject-with
(icmp-admin-prohibited | icmp-echo-reply | icmp-host-prohibited | icmp-host-unreachable |
icmp-net-prohibited | icmp-network-unreachable | icmp-port-unreachable | icmp-protocol-unreachable |
tcp-reset |
integer
) - alters the reply packet of
reject
action
routing-mark
(
name
) - matches packets marked by mangle facility with particular routing mark
src-address
(
IP address
/
netmask
|
IP address
-
IP address
) - specifies the address range an IP packet is
originated from. Note that console converts entered
address/netmask
value to a valid network
address, i.e.:
1.1.1.1/24
is converted to
1.1.1.0/24
src-address-list
(
name
) - matches source address of a packet against user-defined address list
src-address-type
(unicast | local | broadcast | multicast) - matches source address type of the IP packet,
one of the:
unicast
- IP addresses used for one point to another point transmission. There is only one sender and
one receiver in this case
local
- matches addresses assigned to router's interfaces
broadcast
- the IP packet is sent from one point to all other points in the IP subnetwork
multicast
- this type of IP addressing is responsible for transmission from one or more points to a set of
other points
src-mac-address
(
MAC address
) - source MAC address
src-port
(
integer
: 0..65535-
integer
: 0..65535{*}) - source port number or range