
mikrotik_firewall_bruteforce_protection



# Rate-limits new connections from the WAN interface list to a set of
# remote-access and DNS ports, and block-lists sources that exceed the limit.
# Matching traffic is sent to the custom chain "anti-bruteforce"; sources in
# the address list "hosts.allow" are exempt (src-address-list=!hosts.allow).
# NOTE(review): the WAN interface list and the hosts.allow address list are
# not defined in this snippet - they must already exist on the router.
# NOTE(review): filter rules are evaluated in order, so these jump rules must
# sit above any rule that accepts the same ports - confirm against the rest of
# the rule set.
/ip firewall filter
# Traffic addressed to the router itself (chain=input), UDP:
# 500/4500 (IKE, IPsec NAT-T), 1701 (L2TP), 53 (DNS).
# NOTE(review): UDP source addresses can be forged, so a sender spoofing a
# third party's address above the rate limit gets that address block-listed.
# Keep trusted peers in hosts.allow.
add action=jump chain=input comment="catch new UDP connections" connection-state=new dst-port=500,4500,1701,53 in-interface-list=WAN jump-target=anti-bruteforce protocol=udp src-address-list=!hosts.allow
# Traffic addressed to the router itself, TCP:
# 1723 (PPTP), 22 (SSH), 8291 (Winbox), 53 (DNS).
add action=jump chain=input comment="catch new TCP connections" connection-state=new dst-port=1723,22,8291,53 in-interface-list=WAN jump-target=anti-bruteforce protocol=tcp src-address-list=!hosts.allow
# Traffic routed through the router to hosts behind it (chain=forward), UDP.
# The same UDP spoofing caveat applies here.
add action=jump chain=forward comment="catch new UDP connections" connection-state=new dst-port=500,4500,1701 in-interface-list=WAN jump-target=anti-bruteforce protocol=udp src-address-list=!hosts.allow
# Forwarded TCP: 22 (SSH) and 3389 (RDP).
add action=jump chain=forward comment="catch new TCP connections" connection-state=new dst-port=22,3389 in-interface-list=WAN jump-target=anti-bruteforce protocol=tcp src-address-list=!hosts.allow
# dst-limit=6/1m,6,src-address/2m: rate 6 per minute, burst 6, counted per
# source address, with a 2 minute expiry on the per-source entry. While a
# source stays within that limit the packet returns to the calling chain and
# is judged by the rules that follow the jump. This rule does not accept
# anything by itself.
add action=return chain=anti-bruteforce comment="return (allow) some catched connections back to main firewall flow" dst-limit=6/1m,6,src-address/2m
# Only packets that exceeded the limit reach this rule. The source address is
# put on "block-bruteforce" for one week (address-list-timeout=1w). This
# action does not drop the packet: the chain ends here and processing returns
# to the caller. Blocking is done by the /ip firewall raw rule that matches
# src-address-list=block-bruteforce.
add action=add-src-to-address-list address-list=block-bruteforce address-list-timeout=1w chain=anti-bruteforce comment="add bruteforce IP to block-list"

# Drops every packet that arrives on the WAN interface list from a source on
# the "block-bruteforce" address list. The raw prerouting chain is processed
# before connection tracking, so block-listed traffic is discarded without
# creating connection-tracking entries.
# The rule has no protocol, port or state matcher, so it drops all traffic
# from a listed source, including replies to connections opened from inside.
# NOTE(review): there is no hosts.allow exception here. An address added to
# hosts.allow after it was block-listed stays dropped until its block-list
# entry expires or is removed - confirm this is intended.
/ip firewall raw
add action=drop chain=prerouting comment=bruteforce in-interface-list=WAN src-address-list=block-bruteforce
mikrotik_firewall_bruteforce_protection.1577184201.txt.gz · Last modified: 2019/12/24 10:43 by admin