Bruteforce ssh prevention

cavaughan · November 13, 2014, 1:12am

I added the firewall filters to help prevent bruteforce logins on ssh per the instruction at:

http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH)

I see continual attempts that trace back to China trying to ssh in, but when I go to: /ip firewall address-list and issue print command, nothing is ever there.
Is there something else I need to do?

Since posting this I also found the following suggestion and changed everything accordingly
.
http://forum.mikrotik.com/t/max-login-attempts-per-ssh-session/71365/15

cavaughan · November 14, 2014, 10:57pm

So, the latter in my understanding of what it should do is not working. I’m watching right now attempted ssh logins, dozens in a row from the same ip all for root. But the rules never applied. Any ideas what’s going on?

eyegeegeewhy · December 16, 2014, 12:32pm

I could never get this working either

jarda · December 16, 2014, 1:14pm

Check the rules order and if address lists are filled.