MikroTik RouterOS v2.9 Reference Manual page 458

ipsec-esp | iso-tp4 | ospf | pup | rdp | rspf | st | tcp | udp | vmtp | xns-idp | xtp | integer ) - matches
particular IP protocol specified by protocol name or number. You should specify this setting if you
want to specify ports
psd ( integer | time | integer | integer ) - attempts to detect TCP and UDP scans. It is advised to
assign lower weight to ports with high numbers to reduce the frequency of false positives, such as
from passive mode FTP transfers
• WeightThreshold - total weight of the latest TCP/UDP packets with different destination ports
coming from the same host to be treated as port scan sequence
• DelayThreshold - delay for the packets with different destination ports coming from the same
host to be treated as possible port scan subsequence
• LowPortWeight - weight of the packets with privileged (<=1024) destination port
• HighPortWeight - weight of the packet with non-priviliged destination port
random ( integer : 1 ..99 ) - matches packets randomly with given propability
reject-with ( icmp-admin-prohibited
icmp-host-unreachable | icmp-net-prohibited | icmp-network-unreachable | icmp-port-unreachable |
icmp-protocol-unreachable | tcp-reset | integer ) - alters the reply packet of reject action
routing-mark ( name ) - matches packets marked by mangle facility with particular routing mark
src-address ( IP address | netmask | IP address | IP address ) - specifies the address range an IP
packet is originated from. Note that console converts entered address/netmask value to a valid
network address, i.e.:1.1.1.1/24 is converted to 1.1.1.0/24
src-address-list ( name ) - matches source address of a packet against user-defined address list
src-address-type ( unicast | local | broadcast | multicast ) - matches source address type of the IP
packet, one of the:
• unicast - IP addresses used for one point to another point transmission. There is only one
sender and one receiver in this case
• local - matches addresses assigned to router's interfaces
• broadcast - the IP packet is sent from one point to all other points in the IP subnetwork
• multicast - this type of IP addressing is responsible for transmission from one or more points to
a set of other points
src-mac-address ( MAC address ) - source MAC address
src-port ( integer : 0 ..65535 | integer : 0 ..65535 ) - source port number or range
tcp-flags ( ack | cwr | ece | fin | psh | rst | syn | urg ) - tcp flags to match
• ack - acknowledging data
• cwr - congestion window reduced
• ece - ECN-echo flag (explicit congestion notification)
• fin - close connection
• psh - push function
• rst - drop connection
• syn - new connection
• urg - urgent data
tcp-mss ( integer : 0 ..65535 ) - matches TCP MSS value of an IP packet
Page 444 of 695
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
| icmp-echo-reply | icmp-host-prohibited |