Feature requests

To make remote attacks mitigation more efficient we can provide option to add attacker IPs to firwall list this way: https://forum.mikrotik.com/viewtopic.php?t=184113

For example it may be useful to create flexible threshold only for specific type of traffic like: traffic from port 11211 udp and then in same time to have catch-all threshold which will include everything else to ensure protection from other attack types. We definitely can create static threshold for UDP traffic but it will catch traffic which is already included in flexible thresholds and both of them will trigger in same time which is not desirable outcome It cannot be implementer right now but by adding flexible threshold like this: 1) port 11211 udp 2) port 123 UDP 3) not port 123 and not port 11211 UDP Section 3 cannot be implemented right now but it's important for us to have in our tool

When adding a flowspec rule using the API the API does not return the newly created flowspec rule ID. This ID should be returned so that scripts can save it for later use (like to deleting the flowspec rule)

IPv6 support for BGP Flow spec mode

Add option to control gobgp_flow_spec_default_action and gobgp_flow_spec_rate_limit_value on hostgroup basis

In critical path of FastNetMon attack detection code we keep locks as long as we run all callback scripts. It may lead to artificially high delays. We need to rework current logic to logic which is used by hostgroup (via separate action queue with batching)

We have option to get discarded traffic from multiple vendors https://fastnetmon.com/docs-fnm-advanced/discarded-traffic-monitoring-in-fastnetmon-advanced/ and we need to export it to database Forwarding structure have following format: ``` enum class forwarding_status_t { unknown, forwarded, dropped, consumed }; ``

For hostgroups we provide logic to overwrite all the options we have inside: https://fastnetmon.com/docs-fnm-advanced/advanced-api/ It's not desirable when customer want to override few options and keep old values in place. It can be done using MongoDB's update or set capabilities and requires careful evaluation about FerretDB compatibility too.

Allowing a "timeout" parameter on manually (or API) added flowspec rule would ease things up when trying to add flowspec rule with a custom script (else the rules would never be automatically deleted, unless we keep track of them and delete them using api).

We have such option for hostgroups and we need to add it for main and bgp.