Hello,
have some rules like drop ssh after x attempts, block winbox after x attempts etc.
I want to add IP address to “block everything” address list if someone tries to access to winbox, ssh, ipsec etc.
Currently it works:
someone tries to access to winbox → IP added to “winbox_blacklist” address list (for 30 days)
the same IP address tries to access to ssh → IP added to “ssh_blacklist” address list (for 30 days)
And I want to make script which will check if there are some address lists with the same IP. If yes, it adds IP address to “total_blacklist” for XY days.
You can just use more filter rules and keep increasing the time an IP is black listed…
For example you add an IP to a black list for 30 days.. if that same IP tries again to login you can add it to black list for 60 days… and so on…
You dont actually need any script…
Its actually really simple…
Since you have already added the IP address in the address list, you create a new rule and place it above the one you have now… the rule should be the same except that in the src address list you should select the address list already containing the blocked ip…
Then just increase the time that IP stays in your black list…