I found this method is the best way to prevent DDoS Attack from your users to attacked resources and drop DDoS directed to your clients.
First, we catch all new connections and send them to dedicated firewall chain:
/ip firewall filter
add chain=forward connection-state=new action=jump...
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.