Hi,
I have a PPTP server running on my router, and occasionally get brute force attempts on the login.
I periodically block these IPs, however I have noticed that the blocklist I have is not working.
Here is the connection I am attempting to block (I left his IP in ha)
input: in:Eth1-Outside out:(unknown 0), src-mac 50:5d:ac:4e:82:24, proto TCP (SYN), 92.63.194.27:44684->x.x.x.x:1723, len 60
The firewall rule I have is (1st rule):
/ip firewall address-list
add address=141.98.80.115 list=Blocked
add address=162.243.140.155 list=Blocked
add address=92.63.194.27 list=Blocked
add address=185.232.67.13 list=Blocked
add address=46.161.27.42 list=Blocked
add address=92.63.194.47 list=Blocked
add address=141.98.80.128 list=Blocked
/ip firewall filter
add action=drop chain=input comment=“Blocked IPs” log=yes src-address-list=Blocked
Does the OS accept the PPTP before the firewall or something? How can I block these unwanted IPs?