tplecko wrote:
Access-lists can only be used with wireless interfaces...
My router has no wireless interfaces.
Public interface, DMZ interface and LAN interface (all wired).
On WAN I have static IP addresses and my logs are full of failed login attempts from the same IP address for hours...
I can't block remote access because I connect to the router the same way.
But regardless of where the attempts are coming from, is there any way to prevent this?
Is there a way to add a user's IP to an address-list when he fails to log on, and count such logins? If the number of failed logins is greater than e.g. 5 in the last minute, block the IP for 45 minutes?
I'm pretty new to scripting and some of the more advanced functions, but I understand a good example!
Regards
/ip firewall filter add chain=input src-address="YOURIPORSUBNET" action=accept
/ip firewall filter add chain=input action=drop
For multiple input IPs/subnets, execute the first rule as many times as you have IPs/subnets that need to communicate with the router directly.
Alternatively, you can use this:
/ip firewall filter add chain=input protocol=tcp dst-port=21 action=drop comment="FTP"
/ip firewall filter add chain=input protocol=tcp dst-port=22 action=drop comment="SSH"
/ip firewall filter add chain=input protocol=tcp dst-port=23 action=drop comment="Telnet"
/ip firewall filter add chain=input protocol=tcp dst-port=80 action=drop comment="WebFig/HTTP"
/ip firewall filter add chain=input protocol=tcp dst-port=8291 action=drop comment="Winbox"
instead of the drop rule above, to drop only the "auth-type" services. (dst-port is only valid together with protocol=, so protocol=tcp is required on each rule.)
Putting IP addresses in an access-list is still not secure enough (what if somebody guesses your user/pass the first time?).
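Since the original question asked for an address-list that trips after a number of attempts in one minute and then blocks for 45 minutes, here is an added example of how RouterOS can do that with staged address-lists (this is my own illustration, not code from either poster). It assumes SSH on tcp/22 and a management host at 203.0.113.10, which is a placeholder you must replace with your own address. The firewall cannot see whether a login succeeded or failed, so what it actually counts is new TCP connections per source: the 5th new connection from one address within a minute puts it on the blacklist for 45 minutes.

```routeros
# Added example, not from the thread. Placeholder admin IP 203.0.113.10: replace with your own.
# The firewall counts NEW connections, not failed logins; each stage list expires after 1m,
# so five new SSH connections from one source within a minute trigger a 45m blacklist entry.
# Rules are evaluated top to bottom and add-src-to-address-list does not stop processing,
# which is why the higher stages come first: one packet advances a source by one stage only.
/ip firewall filter
add chain=input src-address=203.0.113.10 action=accept comment="admin host, never rate-limited"
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop blacklisted SSH sources"
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage4 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=45m comment="5th attempt within a minute: block for 45m"
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_stage4 address-list-timeout=1m comment="4th attempt"
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="3rd attempt"
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="2nd attempt"
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="1st attempt"
# Review who has been caught and when each entry expires:
/ip firewall address-list print where list=ssh_blacklist
```

The accept rule for the admin host must stay above the stage rules, otherwise a busy admin session can blacklist you from your own router; combine it with the allow-then-drop rules from the reply above if you want everything else dropped. To cover Winbox or Telnet as well, repeat the same set with dst-port=8291 or dst-port=23 (or give dst-port a comma-separated list). Because connections rather than login failures are counted, a legitimate tool that opens many short SSH sessions will also trip the limit; raise the number of stages or the timeout if that matters for you.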