Hi
i have recently stumbled upon various ssh, telnet and ftp firewall script rules, and i would like to distribute them into my mikrotiks via scripting
example: i have 192.168.1.2, 192.168.1.100, 10.10.1.2 (there is no clear address range)
1. i would like to export an ip list of my routers unto a sequential connection script
2. telnet into them one by one
3. implement the scripts
4. logout
5. move on to the next one
should i use prizm or some other tool to simplify the solution?
here are the ssh, ftp and telnet scripts (the original post came fromhttp://forum.mikrotik.com//viewtopic.php?f=9&t=17292) the others are simple name and port variations
ssh blocker
/ ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=black_list action=drop \
comment="drop ssh brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new \
action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" \
disabled=no
ftp blocker
/ ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=black_list action=drop \
comment="drop ftp brute forcers" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage2 action=add-src-to-address-list address-list=ftp_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
src-address-list=ftp_stage1 action=add-src-to-address-list address-list=ftp_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=21 connection-state=new \
action=add-src-to-address-list address-list=ftp_stage1 address-list-timeout=1m comment="" \
disabled=no
telnet blocker
/ ip firewall filter
add chain=input protocol=tcp dst-port=23 src-address-list=black_list action=drop \
comment="drop telnet brute forcers" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage3 action=add-src-to-address-list address-list=black_list address-list-timeout=1d \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage2 action=add-src-to-address-list address-list=telnet_stage3 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
src-address-list=telnet_stage1 action=add-src-to-address-list address-list=telnet_stage2 address-list-timeout=1m \
comment="" disabled=no
add chain=input protocol=tcp dst-port=23 connection-state=new \
action=add-src-to-address-list address-list=telnet_stage1 address-list-timeout=1m comment="" \
disabled=no