====== Viewing various statistics ======
View all connections:
[admin@torg] > /ip firewall connection print
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
0 SA udp 192.168.12.6:57582 213.24.127.137:52488 2m20s
1 SA udp 192.168.12.6:57582 213.242.3.172:62139 2m21s
2 SA tcp 192.168.12.4:1675 205.188.10.225:5190 established 3h59m45s
3 SA tcp 192.168.12.6:49171 217.20.147.94:443 established 3h59m56s
4 SA tcp 192.168.12.94:53396 217.69.138.102:2042 established 3h59m57s
5 SA udp 192.168.12.6:57582 176.49.189.228:58209 2m23s
6 udp 192.168.12.6:57582 192.168.254.18:52075 9s
7 SA udp 192.168.12.6:57582 188.162.229.132:62850 2m56s
8 S udp 192.168.12.6:53688 111.221.77.141:40004 0s
9 SA tcp 192.168.12.4:1067 94.100.188.171:2042 established 3h59m44s
10 udp 192.168.12.6:57582 94.245.121.251:3544 7s
11 SA udp 192.168.12.6:57582 83.246.231.47:58842 2m47s
12 SA udp 192.168.12.6:57582 94.141.36.60:58912 2m15s
13 SA tcp 192.168.12.6:63487 217.20.147.94:80 established 3h59m24s
. . . . . . . . . . . . .
-- [Q quit|D dump|down]
View only active connections:
[admin@torg] > /ip firewall connection print where tcp-state="established"
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
34 SA tcp 192.168.12.4:1675 205.188.10.225:5190 established 3h59m8s
35 SA tcp 192.168.12.94:53396 217.69.138.102:2042 established 3h59m3s
36 SA tcp 192.168.12.4:1067 94.100.188.171:2042 established 3h59m4s
37 SA tcp 192.168.12.6:63487 217.20.147.94:80 established 3h59m
38 SA tcp 192.168.12.4:1087 134.170.25.86:443 established 3h58m6s
39 SA tcp 192.168.12.4:1076 65.54.167.19:12350 established 3h52m6s
40 SA tcp 192.168.12.6:49252 74.125.143.100:443 established 3h58m49s
41 SA tcp 192.168.12.94:60547 74.125.143.100:443 established 3h58m57s
42 SA tcp 192.168.12.6:55022 94.100.188.169:2042 established 3h59m
43 SA tcp 192.168.12.6:55014 94.100.188.173:2042 established 3h58m49s
44 SA tcp 192.168.12.94:53786 65.55.223.31:40021 established 3h59m3s
45 SA tcp 192.168.12.6:49246 217.20.147.94:80 established 3h58m53s
46 SA tcp 192.168.12.6:49209 64.4.23.174:40026 established 3h58m58s
47 SA tcp 192.168.12.4:4268 157.55.130.175:40031 established 3h59m6s
48 SA tcp 77.34.32.32:35677 77.34.11.114:22 established 4m10s
49 SA tcp 192.168.12.94:53788 157.56.116.204:12350 established 3h54m3s
50 SA tcp 192.168.12.94:56838 64.4.47.11:443 established 3h59m4s
51 SA tcp 192.168.12.201:3720 192.168.2.210:445 established 3h59m8s
52 SA tcp 192.168.12.94:60495 217.69.139.216:443 established 3h59m8s
53 SA tcp 192.168.12.94:60616 217.20.147.94:443 established 3h58m40s
54 SA tcp 192.168.12.6:49213 91.190.218.55:12350 established 3h55m51s
55 SA tcp 192.168.12.6:49250 74.125.143.136:443 established 3h58m47s
56 SA tcp 192.168.12.6:50417 65.54.184.46:443 established 3h58m51s
57 SA tcp 192.168.12.94:60621 74.125.143.91:443 established 3h59m58s
58 SA tcp 192.168.12.94:60622 74.125.143.91:443 established 3h59m58s
59 SA tcp 192.168.12.94:60623 74.125.143.138:443 established 3h59m59s
60 SA tcp 192.168.12.94:60624 74.125.143.138:443 established 3h59m59s
View all connections for **192.168.12.94**:
[admin@torg] > /ip firewall connection print where src-address~"192.168.12.94"
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
157 SA tcp 192.168.12.94:53396 217.69.138.102:2042 established 3h59m50s
158 SA udp 192.168.12.94:43127 177.99.236.85:24112 1m22s
159 SA tcp 192.168.12.94:53786 65.55.223.31:40021 established 3h59m18s
160 SA tcp 192.168.12.94:60650 74.125.143.102:443 established 3h59m58s
161 SA udp 192.168.12.94:43127 180.191.42.250:9134 1m22s
162 SA tcp 192.168.12.94:60651 217.20.147.94:443 established 3h59m56s
163 SA tcp 192.168.12.94:53788 157.56.116.204:12350 established 3h57m19s
164 SA tcp 192.168.12.94:56838 64.4.47.11:443 established 3h59m19s
165 SA tcp 192.168.12.94:60635 217.69.139.216:443 established 3h59m39s
View all connections to port **443**:
[admin@torg] > /ip firewall connection print where dst-address~":443"
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
166 SA tcp 192.168.12.4:1087 134.170.25.86:443 established 3h59m54s
167 SA tcp 192.168.12.94:60650 74.125.143.102:443 established 3h59m55s
168 SA tcp 192.168.12.94:60651 217.20.147.94:443 established 3h59m53s
169 SA tcp 192.168.12.94:56838 64.4.47.11:443 established 3h59m46s
170 SA tcp 192.168.12.94:60635 217.69.139.216:443 established 3h59m51s
171 SA tcp 192.168.12.6:50417 65.54.184.46:443 established 3h59m34s
The same as above, but refreshed at a 2-second interval:
[admin@torg] > /ip firewall connection print interval=2 where dst-address~":443"
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
173 SA tcp 192.168.12.94:60666 74.125.143.100:443 established 3h58m23s
181 SA tcp 192.168.12.6:49963 74.125.143.93:443 time-wait 6s
182 SA tcp 192.168.12.4:1087 134.170.25.86:443 established 3h58m16s
174 SA tcp 192.168.12.94:60656 217.20.147.94:443 close-wait 7s
175 SA tcp 192.168.12.94:60664 74.125.143.91:443 established 3h58m21s
177 SA tcp 192.168.12.94:60650 74.125.143.102:443 established 3h58m52s
179 SA tcp 192.168.12.94:56838 64.4.47.11:443 established 3h57m14s
180 SA tcp 192.168.12.94:60635 217.69.139.216:443 established 3h58m48s
183 SA tcp 192.168.12.6:49986 217.20.147.94:443 established 3h58m41s
184 SA tcp 192.168.12.6:49965 74.125.143.100:443 time-wait 7s
185 SA tcp 192.168.12.6:50417 65.54.184.46:443 established 3h57m1s
188 SA tcp 192.168.12.6:49994 94.100.180.199:443 close-wait 1s
View all active connections for **192.168.12.6**. The output is refreshed every **2** seconds:
[admin@torg] > /ip firewall connection print interval=2 where src-address~"168.12.6" and tcp-state~"estab"
Flags: S - seen reply, A - assured
# PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
285 SA tcp 192.168.12.6:50517 217.20.147.94:443 established 3h59m13s
286 SA tcp 192.168.12.6:50011 217.20.147.94:80 established 3h59m14s
287 SA tcp 192.168.12.6:55022 94.100.188.169:2042 established 3h59m28s
288 SA tcp 192.168.12.6:50471 217.20.147.94:80 established 3h59m54s
289 SA tcp 192.168.12.6:55014 94.100.188.173:2042 established 3h59m47s
290 SA tcp 192.168.12.6:49209 64.4.23.174:40026 established 3h59m48s
291 SA tcp 192.168.12.6:49213 91.190.218.55:12350 established 3h52m49s
292 SA tcp 192.168.12.6:50417 65.54.184.46:443 established 3h59m51s
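The `~` operator in the queries above is an unanchored regular-expression match, so a pattern such as "168.12.6" also selects neighbouring hosts. The following added example (not part of the original page) parses pasted `connection print` output and compares that pattern with an anchored one. The sample rows are constructed, the function names are hypothetical, and Python's `re` only approximates RouterOS matching.

```python
import re
from collections import Counter

# Constructed sample in the layout of "/ip firewall connection print";
# not captured from a real router. Destinations use documentation ranges.
SAMPLE = """\
Flags: S - seen reply, A - assured
 # PROTOCOL SRC-ADDRESS DST-ADDRESS TCP-STATE TIMEOUT
 0 SA tcp 192.168.12.6:50517 198.51.100.7:443 established 3h59m13s
 1 SA tcp 192.168.12.60:41000 198.51.100.7:443 established 3h58m2s
 2 SA udp 192.168.12.6:57582 203.0.113.9:3544 2m20s
 3    udp 192.168.12.94:43127 203.0.113.20:9134 7s
 4 SA tcp 192.168.12.94:60650 198.51.100.7:443 time-wait 6s
 5 SA tcp 10.168.12.6:40022 198.51.100.8:22 established 4m10s
-- [Q quit|D dump|down]
"""

ROW = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<flags>[SA]{0,2})\s*(?P<proto>tcp|udp)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?:(?P<state>[a-z-]+)\s+)?(?P<timeout>(?:\d+[dhms])+)\s*$")
UNITS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def timeout_seconds(text):
    """Convert a RouterOS duration such as 3h59m13s to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)([dhms])", text))

def parse_connections(text):
    """Return one dict per connection row; legend, header and pager lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({**m.groupdict(), "timeout_s": timeout_seconds(m["timeout"])})
    return rows

def where_regex(rows, field, pattern):
    """Approximate `where field~"pattern"`: unanchored regex search on one column."""
    return [r for r in rows if re.search(pattern, r[field])]

def established_per_host(rows):
    """Count established TCP connections per source IP (port stripped)."""
    return Counter(r["src"].rsplit(":", 1)[0] for r in rows if r["state"] == "established")

if __name__ == "__main__":
    rows = parse_connections(SAMPLE)
    loose = where_regex(rows, "src", "168.12.6")              # pattern as typed on the page
    strict = where_regex(rows, "src", r"^192\.168\.12\.6:")   # anchored, dots escaped
    print("loose :", [r["src"] for r in loose])
    print("strict:", [r["src"] for r in strict])
    print(established_per_host(strict))
```

With the loose pattern the result also contains 192.168.12.60 and 10.168.12.6, which matters when the listing is used to attribute traffic to a single host.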
View only the rules with the **drop** action:
[admin@torg] > /ip firewall filter print where action="drop"
Flags: X - disabled, I - invalid, D - dynamic
2 chain=input action=drop protocol=tcp src-address-list=!ssl_allow dst-port=22
3 chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22
12 ;;; default configuration
chain=input action=drop in-interface=wan
15 ;;; default configuration
chain=forward action=drop connection-state=invalid
See how often these rules are triggered:
[admin@torg] > /ip firewall filter print stats where action="drop"
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
2 input drop 2 644 59
3 input drop 102 672 1 716
12 ;;; default configuration
input drop 37 695 146 510 809
15 ;;; default configuration
forward drop 2 990 235 74 120