mikrotik_firewall_bruteforce_protection

Differences

This shows you the differences between two versions of the page.

mikrotik_firewall_bruteforce_protection [2019/12/24 10:43]
admin
mikrotik_firewall_bruteforce_protection [2020/04/29 18:55] (current)
admin
Line 1: Line 1:
 <​code>​ <​code>​
 /ip firewall filter /ip firewall filter
-add action=jump chain=input comment="​catch new UDP connections"​ connection-state=new dst-port=500,​4500,​1701,53 in-interface-list=WAN jump-target=anti-bruteforce protocol=udp src-address-list=!hosts.allow +add action=jump chain=input comment="​catch new UDP connections"​ connection-state=new dst-port=500,​4500,​1701 in-interface-list=WAN jump-target=anti-bruteforce protocol=udp src-address-list=!hosts.allow 
-add action=jump chain=input comment="​catch new TCP connections"​ connection-state=new dst-port=1723,​22,8291,53 in-interface-list=WAN jump-target=anti-bruteforce protocol=tcp src-address-list=!hosts.allow +add action=jump chain=input comment="​catch new TCP connections"​ connection-state=new dst-port=1723,​22,​53 in-interface-list=WAN jump-target=anti-bruteforce protocol=tcp src-address-list=!hosts.allow 
-add action=jump chain=forward comment="​catch new UDP connections"​ connection-state=new dst-port=500,​4500,​1701 in-interface-list=WAN jump-target=anti-bruteforce protocol=udp src-address-list=!hosts.allow+
 add action=jump chain=forward comment="​catch new TCP connections"​ connection-state=new dst-port=22,​3389 in-interface-list=WAN jump-target=anti-bruteforce protocol=tcp src-address-list=!hosts.allow add action=jump chain=forward comment="​catch new TCP connections"​ connection-state=new dst-port=22,​3389 in-interface-list=WAN jump-target=anti-bruteforce protocol=tcp src-address-list=!hosts.allow
 add action=return chain=anti-bruteforce comment="​return (allow) some catched connections back to main firewall flow" dst-limit=6/​1m,​6,​src-address/​2m add action=return chain=anti-bruteforce comment="​return (allow) some catched connections back to main firewall flow" dst-limit=6/​1m,​6,​src-address/​2m
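Review bot: in the chain=input TCP rule, 8291 leaves dst-port (1723,22,8291,53 becomes 1723,22,53), so new WAN connections to 8291 from sources outside hosts.allow no longer jump to anti-bruteforce and never reach the dst-limit=6/1m,6,src-address/2m check. Confirm that a separate input rule drops or restricts 8291 on in-interface-list=WAN, or keep the port in the list. The same question applies to 53, which is removed from the UDP input rule but kept in the TCP one, and to the deleted chain=forward UDP rule for 500,4500,1701; a short rule comment or page note giving the reason for each removal would make the intent reviewable.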
mikrotik_firewall_bruteforce_protection.1577184201.txt.gz · Last modified: 2019/12/24 10:43 by admin