IP Blocking not working

Hello all, I’m having a issue with some bot from asia. I blocked the IP address using

chain=input action=drop src-address=222.236.44.7

I also followed the wiki which shows you how to enable brute force on ssh and ftp.

This user keeps showing up in my connections tab that they have established a connection via FTP to the router.

I have disabled the ftp service on the router also changed the port number on FTP.

I had to turn off warning logs from echoing cause it was getting out of hand.

If someone could guide me to a wiki or help me please

This rule

must be set on external interface. Sure?

what’s exactly in log?

11:03:30 system,error,critical login failure for user Shary from 222.236.44.74 via ftp
11:03:31 system,error,critical login failure for user Shary from 222.236.44.74 via ftp
11:03:32 system,error,critical login failure for user Shary from 222.236.44.74 via ftp
11:03:34 system,error,critical login failure for user Shary from 222.236.44.74 via ftp
11:03:34 system,error,critical login failure for user Shary from 222.236.44.74 via ftp
11:03:36 system,error,critical login failure for user Shary from 222.236.44.74 via ftp
11:03:36 system,error,critical login failure for user Shary from 222.236.44.74 via ftp

I just redid that chain including the in-interface still connected

Your rule is wrong:

chain=input action=drop src-address=222.236.44.7
should be
chain=input action=drop src-address=222.236.44.74

sorry I forgot the 4, but I do have it right

chain=input action=drop src-address=222.236.44.74 in-interface=ether1-gateway

Do you have an allow established or related rule before your drop?

-Louis

With and without In-Interface specified same results. Try putting the rule at rule 0 of the filter rules.