I performed a search on this and could not find a solution.
There is a specific IP address constantly trying to connect to my Mikrotik through SSH.
I go to Firewall, Filter, and then choose forward, input the persons ip address as source and then choose action as drop. I still see the IP address contrantly trying to brute force into my equipment. What are your thoughts?
/ip firewall filter
add src-address= in-interface=your WAN interface action=drop
Try this , i think this will help you out
chain should be input
FFR…
/ip firewall filter
add chain=input src-address= in-interface=yourWAN interface action=drop
True… However… you might also consider another approach to limit access to your router.
Create a Firewall address list consisting of the IP Blocks and/or IP addresses that you might want to access your router(s) from.
Then implicitly allow access from that list to the router on TCP Ports 21-23, 80, 8291 and 161 ahead of your final drop rule.
At least in my humble opionion, one should specifically ALLOW certain types of traffic into the router from certain IP Blocks, then drop everything else.